Re: Legitimate Question

• Previous message: Valdis.Kletnieksat_private: "Re: Legitimate Question"
• In reply to: Valdis.Kletnieksat_private: "Re: Legitimate Question"
• Next in thread: Stephen Smalley: "Re: Legitimate Question"
• Next in thread: Seth Arnold: "Re: Legitimate Question"
• Reply: Stephen Smalley: "Re: Legitimate Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 25 Jan 2002 Valdis.Kletnieksat_private wrote:

> As far as /bin/test goes, I think the only security-sane way to do
> this is to run the configure step using whatever the module's
> equivalent of the SELinux 'newrole' command.

While this is a good solution, it does imply a certain "commonality" among
modules.  All modules must support some sort of "newrole" equivalent to 
be "security-sane."  Perhaps inevitable.

Also, all the things needed by the configure step must be 
available in the "role".  It occurs to me that it's quite possible that 
the "final role" that the application will operate under may be far more
restrictive than this.  For example, it may be necessary to allow
permission to execute, say, gcc, during the configuration step, do the
configuration/install, then deny that access in the context where the
application ultimately operates.  It may therefore not be really testing
the operating context, but rather the configuration context.

Perhaps I misunderstand "newrole", and if I do I apologize, but thank you
for setting me on the right track.  It requires new ways of thinking and 
I suspect it may take a while for application designers to wrap their
minds around what techniques and documentation will be necessary to
provide the best possible support.

Not a big problem except for the overhead for the administrator in
adjusting the context for the application between configuration,
installation, and operation... which has been pointed out
as being "the price one pays for security."

Sincerely,
J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private 
|>------------------------------------------------------
||  Microcomputer Systems Consultant  
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------



_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Stephen Smalley: "Re: Legitimate Question"
• Previous message: Valdis.Kletnieksat_private: "Re: Legitimate Question"
• In reply to: Valdis.Kletnieksat_private: "Re: Legitimate Question"
• Next in thread: Stephen Smalley: "Re: Legitimate Question"
• Next in thread: Seth Arnold: "Re: Legitimate Question"
• Reply: Stephen Smalley: "Re: Legitimate Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 07:39:35 PST