On Thu, Jan 24, 2002 at 04:25:26PM -0500, jmjonesat_private wrote: > What I'm looking for is a way to install a product on the system that > works, rather than a way to bypass security. Perhaps a small > application that ASKS for such a access, or a way for the install code > to similarly ask and answer. If this is well beyond the concept of > "security", I understand, but this is the way that INSTALL scripts > have worked in the pass. I'm looking for a new way to do the same > thing. If retaining compatibility with existing applications is an important requirement for _your_ security module, _you_ will have to take care when implementing your module that you do not arbitrarily break expected behavior. You could write a small wrapper to interface with your security module, if you *do* break backwards compatibility, if your module implements methods to modify the security environment. Your tool could be like a mix of sudo and SuSE's compartment[1], or Norm Hardy's Factory[2], that grants privileges to processes as they are started. If you break backwards compatibility, it ought to be either for a Good Reason (the point of your module, perhaps :), or you need to know that no applications you are intending to run are going to need that feature, or your module should provide an easy back door to traditional semantics. I hope this helps. :) [1]: http://www.suse.de/~marc/compartment.html [2]: http://www.cap-lore.com/CapTheory/KK/Patent.html -- The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact your congressman for details how *you* can buy one today!
This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 13:47:20 PST