!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t
 

Safe-mode: OFF (not secure)

/usr/share/doc/setools-2.1.2/   drwxr-xr-x
Free 3.83 GB of 27.03 GB (14.16%)


Viewing file:     file_relabel_help.txt (2.59 KB)      -rw-r--r--
AN OVERVIEW OF FILE RELABEL ANALYSIS
apol, version 2.1
August 31, 2005
selinux@tresys.com

UNDERSTANDING FILE RELABEL ANALYSIS

The permission to relabel objects in a mandatory access control
system is an important privilege. In SELinux this privilege is
controlled by the relabelto and relabelfrom permissions.
Understanding the net effect of these policy rules is complex
because it requires the examination of multiple rules potentially
spanning dozens of files. In order to be able to successfully
relabel an object, a subject must be able to:

	- relabelfrom the starting type
	- relabelto at least one other type

For example, consider the following rules:

	allow sysadm_t filea_t : file relabelfrom;
	allow sysadm_t { fileb_t filec_t } : file relabelto;

If these rules are the only relabel rules present in the policy,
sysadm_t would be allowed to relabel files of type filea_t to
fileb_t or filec_t. Both a relabelfrom and a relabelto rule for a
single subject must be present for a relabel to be possible.

Determining the potential ending types to which a starting type
can be relabeled requires examining all subjects for relabel
rules from the starting type to one or more ending types.
Determining the relabel privileges of a subject type requires
examining all of the relabel rules containing the subject type.
The direct file relabel analysis in Apol automates both of these
analyses.

USING DIRECT FILE RELABEL ANALYSIS IN APOL

Direct file relabel analysis is designed to facilitate querying a
policy for both potential changes to object labels and relabel
privileges granted to a subject. These two modes are respectively
called Object Mode and Subject Mode.

OBJECT MODE

In object mode the user specifies a starting or ending type and
either To, From, or Both. When To is selected all types to which
the starting type can be relabeled will be displayed. When From
is selected all types from which the ending type can be relabeled
will be displayed. When Both is selected, both analyses are performed.

SUBJECT MODE

In subject mode the user specifies only a subject type. Two lists
of types will be displayed corresponding to all of the types To
which the subject can relabel and From which the subject can
relabel.

OPTIONAL RESULT FILTERS

Results may be filtered in several ways. The end types resulting
from a query may be filtered by regular expression. The Advanced
Filters provide the option of selecting which object classes to
include in the analysis and which types to include as subjects
of relabeling operations. Note that excluded subjects are ignored
in subject mode because only the selected subject type is used as
a subject.
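
The two analysis modes and the class and subject filters described above, sketched as an added example (this is not apol's code and not part of the original help text). It assumes rules written with plain type names or brace sets only; attributes, "self", "~", "*" and "-" exclusions are not expanded, and all types other than those in the help text's two example rules are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample policy. The first two rules are the help text's example;
# backup_t, user_t and filed_t are hypothetical additions for illustration.
SAMPLE_POLICY = """
allow sysadm_t filea_t : file relabelfrom;
allow sysadm_t { fileb_t filec_t } : file relabelto;
allow backup_t fileb_t : file { getattr relabelfrom };
allow backup_t filed_t : { file dir } relabelto;
allow user_t filea_t : file relabelto;
"""
TOK = r"(\{[^}]*\}|[^\s;:]+)"
RULE = re.compile(rf"allow\s+{TOK}\s+{TOK}\s*:\s*{TOK}\s+{TOK}\s*;")

def _names(token):
    return token.strip("{} ").split()

def parse(policy):
    """Map (subject, object class) -> relabelfrom / relabelto target types."""
    perms = defaultdict(lambda: {"relabelfrom": set(), "relabelto": set()})
    for src, tgt, cls, perm in RULE.findall(policy):
        for p in set(_names(perm)) & {"relabelfrom", "relabelto"}:
            for s in _names(src):
                for c in _names(cls):
                    perms[(s, c)][p].update(_names(tgt))
    return perms

def subject_mode(perms, subject, classes=("file",)):
    """Return (types the subject can relabel From, types it can relabel To)."""
    frm, to = set(), set()
    for (s, c), p in perms.items():
        if s == subject and c in classes:
            frm |= p["relabelfrom"]
            to |= p["relabelto"]
    return frm, to

def object_mode(perms, obj_type, direction="to", classes=("file",), excluded=()):
    """'to': end types obj_type can reach; 'from': start types that reach it.
    Each result type maps to the subjects holding both required permissions."""
    have, want = ("relabelfrom", "relabelto")
    if direction == "from":
        have, want = want, have
    result = defaultdict(set)
    for (s, c), p in perms.items():
        if c in classes and s not in excluded and obj_type in p[have]:
            for t in p[want] - {obj_type}:
                result[t].add(s)
    return dict(result)
```

In the sample, user_t holds relabelto on filea_t but no relabelfrom rule, so it contributes no relabel path: a subject needs both permissions, on the same object class, for a relabel to be possible.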
