GitHub - dpquigl/ftransferd: Simple file transfer daemon created for my SELinux tutorial (contains a vulnerability which is contained by the provided policy).

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
policy		policy
Makefile		Makefile
README		README
ftransfer.c		ftransfer.c
ftransferd.c		ftransferd.c
ftransferd.init		ftransferd.init

Repository files navigation

ftransferd is a very simple file transfer daemon that only supports a client
downloading files from the server. The protocol used in the daemon consists of
sending a username and a file name to be requested. The daemon will look in a
directory called public_ftransfer in the home directory of the user specified
in the request for the file specified. The server does not do any form of
authentication so a client can request files from any user's home directory.

Files:
ftransfer.c - Client used for connecting to the ftransferd server. Syntax for
the command can be seen by just running it with no arguments.

ftransferd.c - ftransferd server described above.

ftransferd.init - init script to start and stop ftransferd. Allows us to
confine the domain as an init daemon.

Makefile - Top level make file. Has targets to make and install the client,
server, and policy.

policy/ - Directory holding policy for ftransferd

policy/ftransferd.fc - File contexts for ftransferd files. contains entries for
the server daemon, directories in the user's home directory, and the init
script.

policy/ftransferd.if - Interfaces associated with the ftransferd policy. This was autogenerated by sepolgen-gui. These interfaces are most likely not needed

policy/ftransferd.te - The main policy file containing all of the type enforcement rules. Most of this was generated by sepolgen-gui but the lines at the end pertaining to the user home directory files was added after the fact.

Types:
ftransferd_t: This type is the domain that the ftransferd server runs in. Most policy rules added will be against this type.

ftransferd_exec_t: This is the type applied to the ftransferd binary on disk. It is the only valid entry point type for the ftransferd_t domain.

ftransferd_initrc_exec_t: This is the type assigned to the init script. This allows us to write the proper transition rules so that when the ftransferd program is started as a service it runs as ftransferd_t with the correct user.

ftransferd_content_t: This is the file types assigned to the public_ftransfer directory and all files under it within the user's home directory. This is the only type that the ftransferd daemon is allowed to read.