On Sat, 26 Jan 2002, Russell Coker wrote:
> Why not just ship the application in question in RPM or DEB form and have the
> package manager deal with this?
>
> You can build a RPM or DEB package on a machine without any LSM support and
> then install it on an LSM machine. As long as the package dependencies were
> correct then it would work fine.
Actually, this makes the situation worse. Such "canned installs" are
already loaded with assumptions about the target system since numerous
assumptions have to be made during the make, and if you make on a totally
different machine...
With the advent of LSM, far fewer assumptions can be made.
--------
Dr. Cowen Wrote....
* You can't count on the application itself to test and then enable
something, because some policies might impose different rules
depending on the time of day, or even on how often you ask.
This is already (pre LSM) true, although in a coarser way. Permission to
drop a file in a cache, for example, could disappear if a quota is
exceeded.
There is a distinction, in my mind, anyway, between dynamic permissions
and static permissions. Obviously, all applications must be prepared for
calls to fail, that's just good coding. But when building an application
that provides, for example, numerous servers, it would be very useful to
know if it will NEVER get permission to do something, or if it
potentially MAY. Then one can simply not compile in the NTP server part
of the code, for example, and not have to keep checking when in operation
if the resource has become available.
More thinkwork by the admin when configuring the build and less ability
to automate the process. There is ONE cross-module way to reliably
inquire if a permission is likely to exist: ask the admin who sets up the
policy. The availability of a so-called "b?tch-mode" then
provides information regarding if the context is correct.
Application designers will just have to get used to providing detailed
information like never before, or watch their applications fall into
disfavor. A very interactive process may be better security, anyway,
although experience has shown that products that take too much time and
effort to install often get "tossed" in favor of simpler installs.
The Cost Of Security,
J. Melvin Jones
|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Jan 26 2002 - 09:51:10 PST