[Security_sig] DCL protection assumptions

Chris Wright chrisw at osdl.org
Thu Oct 7 15:23:53 PDT 2004


* slav at vogon.net (slav at vogon.net) wrote:
> >
> > Great feedback.  What important features are missing in LIDS in your
> > estimation?
> >
> 
> It's been about 9 months (an eternity in the world of open source), but
> based on what we've seen back then, here's what we liked and didn't like:
> 
> Pros:
> * ability to hide files and directories
> * ability to hide processes
> * pretty flexible ACLs for both
> 
> Cons:
> * Subject/object relationship is file-process, as opposed to file-user or
> process-user.  This is a major shortcoming.  I would ideally like to be
> able to restrict processes AND users to their sandboxes.

Heh, OK.  I've worked with this type of restriction before.  The
_simplest_ workaround is to give each user a unique shell,
/bin/shells/fred_shell.  Ugly, yes...work...perhaps ;-)  I suspect that
this is also solvable in a more elegant fashion via pam.  So the pam
module, before it hands you off to your shell, sets you up with the
proper 'user' domain.  From this point forward, it would look exactly
like file-process (to use your terms).

Anyway, thanks for the feedback.  I'll talk to the LIDS guys and let
them know.  I think it's a useful notion, so...thanks!  It's what we've
talked about on the list a bit (RBAC) as being quite useful.  The tough
part is always configuring it.

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
