* Shane Kerr (shane@time-travellers.org) wrote:
> I've touched on this before, but I figure I may as well keep trying
> until I get an answer: Is it possible to create an LSM with the current
> proposed model that will allow me to grant only a small subset of root
> privileges to a specific executable? If not, is there another way to go
> about this (perhaps by using other hooks and dropping privileges for the
> processes - i.e. when exec() runs "ntpd" drop all privileges except for
> bind() and adjtime(), and when that process calls bind() drop that
> privilege - yuck)?

There are many ways to accomplish this I imagine. I don't think this is necessarily permissive. To me permissive is a way to grant privileges to traditionally unprivileged users (i.e. non-root). This has the advantage that you are subject to all root privilege checks except for the specific areas where you've been granted exemption (least privileges).

On the other hand, you can give someone root, and via extended attributes (not yet mainstream) or a simple flat file, define ways that this incarnation of root is heavily restricted. Again you are granting least privileges, but you will pass all root privilege checks, so you are relying on what we're calling restrictive hooks.

Because the hooks are geared towards kernel objects there may be many ways to leverage them. For example, you could monitor at exec time and tie privileges to the running process based on its name or inode. You could allow it to run privileged until it attempted an action that is marked as dangerous and its privileges could be limited. I'm sure there are other ways, but you get the idea.

Given the above, I believe this is possible with the current proposal (alright, so bind hasn't really been handled yet, but it will be ;-). Your security module could handle permissions in either way, and I believe there is some general agreement that both have value.
-chris
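The restrictive approach discussed in this message, as an added example that is not part of the original post or of any LSM code: a user-space C model in which an exec-time check ties a reduced privilege set to a root process by executable name, and a per-operation check revokes a privilege after its first use. The names `hook_exec`, `hook_check`, the `PRIV_*` flags and the policy table are hypothetical and do not correspond to the real LSM hook interface.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical privilege flags for this example. */
#define PRIV_BIND    0x1u
#define PRIV_ADJTIME 0x2u
#define PRIV_MODULE  0x4u
#define PRIV_ALL     0x7u
/* One row of a hypothetical flat-file policy: the privileges this root
 * process keeps, and which of them are revoked after first use. */
struct policy_rule { const char *exe; unsigned keep; unsigned one_shot; };
static const struct policy_rule policy[] = {
    { "ntpd", PRIV_BIND | PRIV_ADJTIME, PRIV_BIND }, /* constructed rule */
};
struct task_sec { unsigned privs; unsigned one_shot; }; /* per-process state */

/* Exec-time hook: tie privileges to the process by executable name.
 * Executables with no rule keep every root privilege. */
void hook_exec(struct task_sec *t, const char *exe)
{
    t->privs = PRIV_ALL;
    t->one_shot = 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (strcmp(policy[i].exe, exe) == 0) {
            t->privs = policy[i].keep;
            t->one_shot = policy[i].one_shot;
            return;
        }
    }
}

/* Per-operation hook: 0 allows, -1 denies. A one-shot privilege is
 * dropped as soon as it has been exercised once. */
int hook_check(struct task_sec *t, unsigned priv)
{
    if ((t->privs & priv) != priv)
        return -1;
    t->privs &= ~(t->one_shot & priv);
    return 0;
}

int main(void)
{
    struct task_sec t;
    hook_exec(&t, "ntpd");
    int first = hook_check(&t, PRIV_BIND), again = hook_check(&t, PRIV_BIND);
    printf("bind: %d, bind again: %d\n", first, again);
    return 0;
}
```

Every check here still starts from root and only removes privileges, which is why the model relies on restrictive hooks alone.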
This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 13:13:23 PDT