Re: permissive vs. restrictive issue and solutions...

From: Crispin Cowan (crispinat_private)
Date: Fri Jun 01 2001 - 13:12:49 PDT

  • Next message: Howard Holm: "Re: permissive vs. restrictive issue and solutions..."

    Stephen Smalley wrote:
    
    > > To preserve the assurance argument for LSM, I would very much like it if
    > > LSM provided purely restrictive hooks.  Stephen Smalley pointed out that
    > > I overstated myself:  Capabilities is not purely permissive, it is a mix.
    > > However, I conjecture that Capabilities is the ONLY permissive module on the
    > > table.
    > >
    > > Can anyone dispute this claim?  Got an example of some other module that wants
    > > to be permissive?
    >
    > Although SELinux is currently only "restrictive", we would like to
    > provide functionality similar to the capabilities mechanism using
    > Type Enforcement, as we did in the DTOS prototype.  That requires the
    > ability to be "permissive" as well.  Partitioning superuser privileges
    > and assigning them to specific authorized users and programs is
    > useful functionality, and is already present in many Unix
    > variants.
    
    That being the case, I withdraw the "kick Capabilities out of LSM" proposal.  It's
    major advantage was to achieve a restrictive-only LSM interface, which would seem
    to be impossible if we want to support the above.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com//Products/Immunix/purchase.html
    
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 13:13:25 PDT