Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog)
Date:
Wed, 15 Jul 2026 15:52:13 +0000
Description:
The SUSE Security Team Blog has a post with an analysis of seunshare ,
which is used by SELinux to confine untrusted programs. During a
review of version
3.10 of the program, the team identified two local
Denial-of-Service (DoS) vectors. Since seunshare is supposed to run on SELinux-enabled systems, it
is important to understand what kind of privilege escalation can be
achieved when vulnerabilities are exploited in a setuid-root binary
like this. Many SELinux-enabled systems, such as Fedora and openSUSE,
ship with the "targeted" SELinux policy by default. This policy is
focused on confining well-known system services, but assigns an
unconfined SELinux context to interactive users by default to achieve
a balance between security and usability. There is currently no domain transition from the unconfined domain
to the more restricted seunshare_t defined in the SELinux policy for
seunshare . This means the execution of seunshare continues in the
unconfined domain. Thus in the context of attacks carried out by
interactive users, the impact of the vulnerabilities below will be a
root-like privilege escalation despite the system running in SELinux
enforced mode. See the post for the full write-up of the team's discoveries and timeline. The
vulnerabilities have been fixed in version3.11 .
======================================================================
Link to news story:
https://lwn.net/Articles/1083076/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)