Elimination of floor (_) labeled executables and relative command paths
author Radoslaw Bartosiak <r.bartosiak@samsung.com>
Mon, 25 Nov 2013 19:29:41 +0000 (20:29 +0100)
committer Bartlomiej Grzelewski <b.grzelewski@samsung.com>
Thu, 6 Feb 2014 16:13:23 +0000 (17:13 +0100)
[Issue#]       SSDWSSP-684
[Bug/Feature]  A security vulnerability to attacks fixed.
[Cause]        1) Using a floor labeled exec, a malicious process can pollute the floor labelled resources.
               2) If a relative path is used, a different, malicious command might be executed (PATH change)
[Solution]     The floor labeled executables and relative command paths were eliminated.
[Verification] 1) Build, install and run tests.
               2) Verify that no executables from the package have the floor label.
               3) Verify that there are no relative command paths in scripts installed by the package.

Change-Id: Ic5b948d38406c47bc424077779303636bcdc8969

packaging/security-server.manifest

index 71e677f..c46418c 100644 (file)
@@ -23,5 +23,6 @@
        </request>
        <assign>
                <filesystem path="/etc/security/security-server-audit.conf" label="security-server::audit-files" />
+           <filesystem path="/usr/bin/security-server" exec_label="none"/>
        </assign>
 </manifest>
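Review bot: the new entry in the `<assign>` block covers only /usr/bin/security-server, while verification step 2 in the commit message is about every executable from the package; if the package installs any other binaries or scripts, each needs its own `<filesystem ... exec_label="none"/>` entry here, or the message should state that this is the only executable. The meaning of exec_label="none" is also not documented at the point of use; a short XML comment above the line saying that it is what keeps the binary from running with the floor (_) label would help the next reader of the manifest. Style: the added line is indented differently from the neighbouring `<filesystem>` line (mixed spaces and tab) and drops the space before `/>` that the line above it uses.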