Re: c2 (or c2-like) auditing for Linux

From: Casey Schaufler (caseyat_private)
Date: Thu Jan 30 2003 - 11:25:46 PST

  • Next message: Stephen D. Smalley: "Re: c2 (or c2-like) auditing for Linux"

    "Stephen D. Smalley" wrote:
    > Casey wrote:
    > > LSM is a Good Thing (tm) because it is explicitly present, and
    > > everyone has to deal with that, and not screw it up.
    > You might have missed it, but LSM is now a configuration option, turned
    > off by default.  Kernel developers are quite free to ignore it,
    > although that is obviously not what we would prefer.
    Well, it's getting closer at any rate.
    > ... Also, note that
    > some error checks that precede permission checks can convey information
    > about the file and do return other error codes (e.g. ENOTDIR, EISDIR,
    > ENOTEMPTY).  Hence, your above statement about error checking always
    > occurring first isn't consistent with your stated goal for MAC.
    In order to get any of those messages you will have had to access
    the object to determine that it's a directory. The access check
    will have been done (it had better!) before you go looking around
    in the object.
    > Unclassified process trying to read top secret data is certainly more
    > interesting than Steve trying to read Casey's data (well, maybe Casey's
    > data is more interesting...).  But there is also plenty of noise
    > generated by harmless probing/access testing that occurs as part of
    > normal operation of existing applications.
    /etc/shadow is the worst. 
    > In any event, if the DAC logic is moved into the security module, this
    > all becomes a module issue and preferably a policy configuration issue.
    > You can then combine your DAC and MAC access control logic and auditing
    > however you wish.
    Which is exactly why we wanted authoritative modules from the beginning.
    Casey Schaufler				Manager, Trust Technology, SGI
    caseyat_private				voice: 650.933.1634
    casey_pat_private			Pager: 877.557.3184
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 11:27:20 PST