[PATCH] Enhanced Trusted Path Execution (TPE) Linux Security Module

From: Lorenzo Hernández García-Hierro (lorenzo@private)
Date: Wed Jan 05 2005 - 18:51:48 PST


Hi,
This patch adds support for an enhanced Trusted Path Execution (TPE)
subsystem relying on the Linux Security Modules framework.
It's a rewrite of IBM's TPE LSM module by Niki A. Rahimi, which adds
a couple of improvements and feature enhancements.

The most notable of them are support for per-gid access control
lists at runtime and at kernel-configuration time (adds support for
trusted and untrusted user groups), a procfs interface for statistics
and runtime information, and debugging capabilities (for limiting the
garbage messages).

Also, the documentation has been rewritten, and under the "Trusted Path
Execution (EXPERIMENTAL)" configuration option a "GID for trusted
users" key has been added to make it possible to set a default gid for
a specific trusted user group.

The reasons that make sense for including this are that standard
vanilla kernels have SELinux and LSM (SELinux already supports TPE
functionality), but SELinux is less likely to be used by desktop or
just not experienced users who are not already using their
distribution-specific SELinux implementation, even if they want simple
protections for their everyday system use. Also, the availability of
some patch-sets with security enhancements (like grsecurity) distracts
users from using the LSM framework or even SELinux itself. In addition,
this TPE has more features than grsecurity's in terms of per-user and
per-group ACLs, which makes management of the TPE protection easy.
In short, after a first review you can see that it could be worth
including this in the kernel sources.

Note: the code, as it is right now, has some limitations that would be
solved in a relatively short time, sooner if more people contribute
to it.

The limitations of the current code are described
in ./Documentation/tpe-lsm.txt

Patch against 2.6.10 attached.
(not inside the message body, to prevent it being messed up by
archive-managing software)

I will make available an independent-packaged version ASAP, which could
be built outside the kernel sources, at http://selinux.tuxedo-es.org

Cheers,
PS: I would appreciate being CC'ed, as I'm not subscribed to the list.
(Just for mail traffic volume reasons, which I don't have time to
handle)
-- 
Lorenzo Hernández García-Hierro <lorenzo@private> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager
