On Mon, 10 Feb 2003 23:38, LA Walsh wrote:
> > And modularizing that logic
> > has interesting implications; what happens to your applications when
> > you turn off the kernel DAC logic and replace it with something
> > arbitrary?
> > ---
> You tell me. The idea is configurability: "truly generic". It
> depends on what policy you define. I'm not about to guess
> what would happen to "applications" (which? Random?) that _you_ put on
> your own system that has a security policy that _you_ define.

I think that most people who want to use LSM and similar systems don't want to re-write any significant portion of their applications. People who want serious security and are prepared to re-write applications will probably want a high-assurance kernel and won't use Linux.

A large number of applications depend on Unix permission checks. Actions such as treating a file as a configuration file if it lacks execute access (according to stat(2)) but trying to execute it if it appears to have execute access is reasonably common. Also many applications check the apparent permissions of files before trying to access them, a file which doesn't appear to have read access may not even be opened.

I've been running a SE Linux play machine with all files mode 0777 for a few weeks. I've had to change the permissions on many files to get things working basically for this reason, and I don't think that I've even addressed half the problems this causes. Even as an experiment this is too painful. I'll re-format the machine soon...

For all the machines I run (hand-held, laptop, embedded server, desktop, and server) I plan to keep Unix permissions whether I need them or not. Removing them breaks too much compatibility at the moment. Maybe if someone else gets a few thousand Linux machines running without any Unix permissions and fixes a lot of the bugs I'll consider it.
-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
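The stat(2) dependence described in the message above, as an added example that is not part of the original post: a constructed config file is classified by its execute bits, as the message says many applications do, and by a mode-independent check. The function names, the sample file and the content-based alternative are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum kind { KIND_ERROR = -1, KIND_CONFIG = 0, KIND_PROGRAM = 1 };

/* The pattern from the message: trust the execute bits reported by stat(2). */
enum kind classify_by_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return KIND_ERROR;
    return (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) ? KIND_PROGRAM : KIND_CONFIG;
}

/* Mode-independent alternative (assumption of this example): open the file,
 * let the kernel's real policy decide, and look for "#!" or the ELF magic. */
enum kind classify_by_content(const char *path) {
    unsigned char buf[4] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return KIND_ERROR;          /* a denial surfaces here, e.g. EACCES */
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    if (n >= 2 && buf[0] == '#' && buf[1] == '!') return KIND_PROGRAM;
    if (n == 4 && memcmp(buf, "\177ELF", 4) == 0) return KIND_PROGRAM;
    return KIND_CONFIG;
}

/* Write a constructed sample config file with the given mode; 0 on success. */
int make_sample(char *path_template, mode_t mode) {
    static const char text[] = "# constructed sample\nverbose = yes\n";
    int fd = mkstemp(path_template);
    if (fd < 0) return -1;
    int ok = write(fd, text, sizeof text - 1) == (ssize_t)(sizeof text - 1)
             && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

int main(void) {
    char path[] = "/tmp/lsm_mode_demo_XXXXXX";
    if (make_sample(path, 0777) != 0) return 1;
    printf("mode 0777: by_mode=%d by_content=%d\n",
           classify_by_mode(path), classify_by_content(path));
    unlink(path);
    return 0;
}
```

With every file at mode 0777, as on the play machine in the message, the mode-based check reports the config file as a program while the content-based check does not.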
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 16:43:25 PST