Limiting the scope of transitions

For security reasons, Linux systems can restrict the ability of processes to gain elevated privileges in certain situations, or impose additional constraints that make vulnerabilities less likely to be exploitable. The SELinux developers honor these situations as well.

Sanitizing environments on transition

When a higher-privileged command is executed (be it a setuid application or one where capabilities are added to the session), the GNU C Library (glibc) will sanitize the environment. This means that a set of sensitive environment variables is discarded so that attackers, whether malicious users or applications, cannot influence the session.

This secure execution is controlled through an Executable and ...
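To see this sanitizing from inside a process, the following added example (not from the book) reads the AT_SECURE entry of the ELF auxiliary vector with glibc's getauxval(3) and reports which loader variables are still visible. The watch list is a constructed sample rather than glibc's full list, and DEMO_CONFIG and trusted_getenv are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>

/* 1 when the kernel marked this exec as secure-execution
 * (setuid/setgid binary, file capabilities, or an LSM request). */
int in_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Hypothetical helper: read an environment variable only when the
 * caller's environment is trusted. glibc's secure_getenv(3) applies
 * the same gate. */
const char *trusted_getenv(const char *name)
{
    return in_secure_exec() ? NULL : getenv(name);
}

/* Constructed watch list: a few variables that ld.so(8) documents as
 * ignored or restricted in secure-execution mode (not the full list). */
static const char *const watched[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "LD_DEBUG", "LD_PROFILE",
};
#define NWATCHED (sizeof watched / sizeof watched[0])

/* Count the watched variables still visible to this process. */
int visible_watched(void)
{
    int n = 0;
    for (size_t i = 0; i < NWATCHED; i++)
        if (getenv(watched[i]) != NULL)
            n++;
    return n;
}

int main(void)
{
    printf("AT_SECURE=%d\n", in_secure_exec());
    for (size_t i = 0; i < NWATCHED; i++) {
        const char *v = getenv(watched[i]);
        printf("%-16s %s\n", watched[i], v ? v : "(unset)");
    }
    /* DEMO_CONFIG is a hypothetical variable used for illustration. */
    const char *cfg = trusted_getenv("DEMO_CONFIG");
    printf("config: %s\n", cfg ? cfg : "(built-in default)");
    return 0;
}
```

Run it once as a normal binary and once as a setuid copy with the same variables exported to compare the two reports.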
