jmjonesat_private wrote:

>1) As Mr. Smalley says, most applications never ask for anything
>questionable anyway... and a security policy that makes "normal things"
>

Well, kind of. "Writing into /usr/bin" is normally a privileged operation, so some kind of installer needs some kind of authority. The classic way to do this is "be root when you execute 'rpm -i ...'" An LSM-ish way to do it would be to hack <your favorite policy engine> such that the RPM program/role/type/what-have-you has the authority to write into /usr/bin.

More touchy is the issue of programs that want to be installed setuid root, i.e. they want the program itself to be specially privileged. This requires the installer to know how to delegate privilege, which in turn requires module-specific knowledge of how to express policy, in addition to the authority to actually manipulate the policy.

>2) It is likely that only a minority subset of even server systems will
>ever run an LSM module, and even those that do will probably run the most
>widely known and fully understood module (KUDOS to SELinux for being so
>

The most widely used module is likely to be Capabilities :-)

Less flippantly: if you want your box to transparently be able to install foreign (non-LSM-aware) RPMs or DEBs, then you configure your policy engine to permit that. I know that SubDomain can do that, and I suspect that SELinux can.

>4) This is really NOT within the bounds of the LSM interface, as I
>understand it. I was questioning, originally, if it might be
>possible to devise a solution here, and have been assured/convinced
>that there is no such possibility.
>
>A new "niche" has evolved if LSM doesn't want or need to address this in
>the interface... creating tools that are multi-module useful for just this
>purpose. I might take a crack at some of it myself, actually. Thanks.
>

I agree with that: cross-module policy manipulation is definitely a user-space problem.

>Since this is a bit "beyond the pale" here (that's the response I've
>synthesized from the responses to this thread, correct me if I'm wrong),
>is there someplace else where people are or will be working on this, or is
>it still an appropriate topic for discussion here?
>

I think it's an appropriate topic for discussion here, but the discussion should probably be "what do you folks think of this code?" Or perhaps "send me your module docs so that I can add FooModule awareness to the LSM ClueStick." Assuming that you are volunteering to write it :-)

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

The Olympic Games: A Century of Corruption and Graft
The FIS: Crushing the soul of snowboarding

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 16:56:42 PST