* frm steven_kramerat_private "07/13/01 07:39:35 -0700" | sed '1,$s/^/* /'
*
*
*> I don't think that any LSM interface could support what you want through
*> permission functions without also being very difficult to get right.
*> Read: commercial unix vendors have tried similar things, and users
*> always seem to be able to use one or the other so-called capabilities to
*> gain more until the user is a full root user with all so-called
*> capabilities.
*
*
* Second, not all the capabilities in the kernel will allow one to obtain
* other capabilities. Certainly overriding DAC will let someone easily override
* MAC (e.g., altering the MAC DBs), but some of the other capabilities at
* best allow the user to create DoS scenarios.

Allowing DAC to override MAC would be contrary to the point of MAC. In any
sensible MAC system, the MAC checks would be performed before the DAC ones.
System DBs would be protected by MAC as well as DAC.

*
* From what I see in the LSM code so far, LSM does not preclude such
* mechanisms as I have discussed.
*
* --steve kramer

richard.

-----------------------------------------------------------------------
Richard Offer                     Technical Lead, Trust Technology
"Specialization is for insects"   SGI
_______________________________________________________________________
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 09:35:29 PDT