Thanks. This is a good answer to my concerns. The only remaining
issue I have is how archeological or ported-from-other-operating systems
products may achieve "unmoderated" or "moderated-appropriately" status
under a restrictive module. Is there a standard way or must
application designers write code to multiple situations?

Sincerely,
J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
||  Microcomputer Systems Consultant
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------

On Thu, 24 Jan 2002, Crispin Cowan wrote:

> jmjonesat_private wrote:
>
> >Wouldn't it be useful for a userspace application that is
> >setuid root to be able to bypass the module's checks.
> >Isn't setuid ROOT generally assumed to be a "non-restricted"
> >condition?
> >
> >How does the new paradigm change that, specifically, and
> >why SHOULD it do that?
> >
> That is a policy that each module can determine. "setuid root" is an
> attribute of a file. "uid" and "euid" are attributes of processes. The
> module looks at the requestor (the process) and its attributes, and the
> object (file, network, whatever) and its attributes, and decides to
> grant or deny. Your module can do whatever it wants with that information.
>
> Meta-comment: no, I don't think this is a very good idea. Most of the
> LSM projects that I understand go out of their way to NOT allow root
> (especially setuid root) to bypass the mandatory security policies that
> they are at such pains to put in place.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc.      http://wirex.com
> Security Hardened Linux Distribution:            http://immunix.org
> Available for purchase: http://wirex.com/Products/Immunix/purchase.html
>
>   The Olympic Games: A Century of Corruption and Graft
>
>

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 13:04:28 PST