RE: Security through Permissiveness: A Zen Riddle?

From: richard offer (offerat_private)
Date: Fri Jul 13 2001 - 09:34:44 PDT


    * frm steven_kramerat_private "07/13/01 07:39:35 -0700" | sed '1,$s/^/* /'
    *
    * 
    *> I don't think that any LSM interface could support what you want through
    *> permission functions without also being very difficult to get right.
    *> Read: commercial unix vendors have tried similar things, and users
    *> always seem to be able to use one or the other so-called capabilities to
    *> gain more until the user is a full root user with all so-called
    *> capabilities.
    * 
    * 
    * Second, not all the capabilities in the kernel will allow one to obtain other
    * capabilities.  Certainly overriding DAC will let someone easily override
    * MAC (e.g., altering the MAC DBs), but some of the other capabilities at 
    * best allow the user to create DoS scenarios.
    
    Allowing DAC to override MAC would be contrary to the point of MAC. In any
    sensible MAC system, the MAC checks would be performed before the DAC ones.
    System DBs would be protected by MAC as well as DAC.
    
    * 
    * From what I see in the LSM code so far, LSM does not preclude such
    * mechanisms as I have discussed.
    * 
    * --steve kramer
    
    richard.
    
    -----------------------------------------------------------------------
    Richard Offer                          Technical Lead, Trust Technology
    "Specialization is for insects"                                     SGI
    _______________________________________________________________________
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
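
Added example, not part of the original message and not LSM or kernel code: a small C model of the point made in the reply, that a DAC-override capability must only relax the DAC stage and must never skip the MAC check protecting a system database. The struct layout, the integer labels, the "subject label must dominate object label" write rule and every identifier are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model; every name here is hypothetical, not a kernel symbol. */
#define MODEL_CAP_DAC_OVERRIDE 0x1u

struct subject { unsigned uid; unsigned caps; int label; };
struct object  { unsigned owner; bool other_write; int label; };

/* Assumed MAC policy: write only if the subject's label dominates the object's. */
static bool mac_may_write(const struct subject *s, const struct object *o)
{
    return s->label >= o->label;
}

/* DAC stage: owner or world-writable, unless the override capability is held. */
static bool dac_may_write(const struct subject *s, const struct object *o)
{
    if (s->caps & MODEL_CAP_DAC_OVERRIDE)
        return true;
    return s->uid == o->owner || o->other_write;
}

/* Flawed ordering: the capability short-circuits the decision, MAC is never asked. */
bool may_write_flawed(const struct subject *s, const struct object *o)
{
    if (s->caps & MODEL_CAP_DAC_OVERRIDE)
        return true;
    return dac_may_write(s, o) && mac_may_write(s, o);
}

/* MAC first: the capability can only influence the DAC stage that follows. */
bool may_write_mac_first(const struct subject *s, const struct object *o)
{
    return mac_may_write(s, o) && dac_may_write(s, o);
}

/* Constructed sample data: a low-label subject holding the override capability. */
const struct subject admin     = { 1000, MODEL_CAP_DAC_OVERRIDE, 0 };
const struct subject user      = { 1001, 0, 0 };
const struct object  mac_db    = { 0, false, 10 };  /* high-label policy database */
const struct object  user_file = { 0, false, 0 };

int main(void)
{
    printf("flawed:    admin -> mac_db = %d\n", may_write_flawed(&admin, &mac_db));
    printf("mac first: admin -> mac_db = %d\n", may_write_mac_first(&admin, &mac_db));
    return 0;
}
```
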
    



    This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 09:35:29 PDT