The premise: on a Linux workstation I regularly download and use various software, let's say Perl or Node.js modules. When I use them they run on the machine with me as the owner and can do whatever I can in my home directory, so they can access and steal (send over the network) my keys etc.
That thought has been gnawing at me for years; now I finally found time to learn SELinux to deal with the problem. But as I was learning SELinux, it occurred to me that someone might have already created some modules for applications which use such sensitive data, let's say an SELinux policy module for gnupg
to restrict access to the gpg keys to that app only. But that seems not to be the case. So that is why I started to doubt the whole idea. I searched the web for "linux process home directory steal files" and similar queries, and the results were generally about physical theft. It's very unlikely that I'm the only one who has thought about this.
So my first question is whether the premise is true.
If it is, then what are the optimal options to deal with this? Currently I'm going to try to customize the targeted SELinux policy to allow access to those sensitive files only to a limited set of processes, and possibly limit network access on a per-application basis.
I would need to customize the targeted policy, since it seems to allow the unconfined_t domain to access both user_home_t and gpg_secret_t, since gpg_secret_t is part of the user_home_type attribute and the policy allows full access to it:

$ sesearch -t gpg_secret_t -A
…
allow unconfined_t user_home_type:file { read write … }