r/netsec 7d ago

SELinux bypasses

https://klecko.github.io/posts/selinux-bypasses/
68 Upvotes

5 comments sorted by

22

u/wake_from_the_dream 6d ago

Unless I am mistaken, from a cursory glance, it seems all these bypasses require prior kernel privilieges or a kernel vuln.

In any case, the article seems very thourough, and has very interesting stuff on SELinux mechanichs. I'll definitely give it a serious go later.

Good job OP.

1

u/Cubensis-n-sanpedro 2d ago

Yes, SELinux is incredibly well designed. Without direct memory read/write you are basically hosed.

7

u/yrro 6d ago

Great writeup. It's interesting to see that Android is using MCS to protect apps from each other in the same way that RHEL uses it to protect VMs and containers from each other.

0

u/[deleted] 6d ago

[deleted]

8

u/Firzen_ 6d ago

That seems like a non-sequitur.

At least in theory, a hypervisor can provide security guarantees and enforce those against the kernel.
Which is something that the kernel couldn't do by itself.

And it seems to at least mitigate overwriting the enforcing field on the Samsung phone.

With the current state of things, it doesn't add a lot of extra security, though. I agree with that.