Simple file transfer daemon created for my SELinux tutorial (contains a vulnerability which is contained by the provided policy).

dpquigl/ftransferd

ftransferd is a very simple file transfer daemon that only supports a client
downloading files from the server. The protocol used in the daemon consists of
sending a username and a file name to be requested. The daemon will look in a
directory called public_ftransfer in the home directory of the user specified
in the request for the file specified. The server does not do any form of
authentication so a client can request files from any user's home directory.

Files:
ftransfer.c - Client used for connecting to the ftransferd server. Syntax for
the command can be seen by just running it with no arguments. 

ftransferd.c - ftransferd server described above.

ftransferd.init - init script to start and stop ftransferd. Allows us to
confine the domain as an init daemon.

Makefile - Top level make file. Has targets to make and install the client,
server, and policy.

policy/ - Directory holding policy for ftransferd

policy/ftransferd.fc - File contexts for ftransferd files. Contains entries for
the server daemon, directories in the user's home directory, and the init
script.

policy/ftransferd.if - Interfaces associated with the ftransferd policy. This file was autogenerated by sepolgen-gui. These interfaces are most likely not needed.

policy/ftransferd.te - The main policy file containing all of the type enforcement rules. Most of this was generated by sepolgen-gui, but the lines at the end pertaining to the user home directory files were added after the fact.

Types:
ftransferd_t: This type is the domain that the ftransferd server runs in. Most policy rules added will be against this type.

ftransferd_exec_t: This is the type applied to the ftransferd binary on disk. It is the only valid entry point type for the ftransferd_t domain.

ftransferd_initrc_exec_t: This is the type assigned to the init script. This allows us to write the proper transition rules so that when the ftransferd program is started as a service it runs as ftransferd_t with the correct user.

ftransferd_content_t: This is the file type assigned to the public_ftransfer directory and all files under it within the user's home directory. This is the only type that the ftransferd daemon is allowed to read.
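
The following is an added illustration, not the contents of policy/ftransferd.te from this repository: a sketch of type enforcement rules that match the four types described above, limited to the file-access side of the policy. The reference policy interface macros, the module version, and the file-context line shown in a comment are assumptions; networking and logging rules are omitted.

```selinux
# Added example: a sketch, not the repository's policy/ftransferd.te.
policy_module(ftransferd, 1.0.0)

# Domain the daemon runs in, and the label of its binary on disk.
# init_daemon_domain() makes ftransferd_exec_t an entry point for
# ftransferd_t and adds the transition taken when init starts it.
type ftransferd_t;
type ftransferd_exec_t;
init_daemon_domain(ftransferd_t, ftransferd_exec_t)

# Label for the init script, so that starting the service leads to
# ftransferd_t rather than leaving the daemon in the caller's domain.
type ftransferd_initrc_exec_t;
init_script_file(ftransferd_initrc_exec_t)

# Label for ~user/public_ftransfer and everything under it.
# Assumed matching entry in ftransferd.fc:
#   HOME_DIR/public_ftransfer(/.*)?  gen_context(system_u:object_r:ftransferd_content_t,s0)
type ftransferd_content_t;
userdom_user_home_content(ftransferd_content_t)

# Traverse /home and the user's home directory (search only, no read).
files_search_home(ftransferd_t)
userdom_search_user_home_dirs(ftransferd_t)

# Read access is granted for ftransferd_content_t and nothing else.
# Other files in a home directory keep their own labels, for which
# ftransferd_t has no allow rule, so requests for them are denied
# even though the daemon itself performs no authentication.
list_dirs_pattern(ftransferd_t, ftransferd_content_t, ftransferd_content_t)
read_files_pattern(ftransferd_t, ftransferd_content_t, ftransferd_content_t)
```

Denied accesses from ftransferd_t appear as AVC messages in the audit log, which is where to check that the confinement is working.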
