1 |
On Tue, 13 Dec 2011 22:20:00 +0100 |
2 |
Javier Juan Martínez Cabezón wrote: |
3 |
|
4 |
> Give me an example of direct attack via memory as you say, accessible |
5 |
> devices and anything else said you before. |
6 |
|
7 |
I suggest you do some more reading at grsecurity.net or even the |
8 |
OpenBSD mailing list. I haven't got time to hunt down the two references |
9 |
that stick in my mind but keep your ears open and you may realise one |
10 |
of the kernel exploits could/can/will do just that. Do you really |
11 |
believe it's impossible??!! |
12 |
|
13 |
|
14 |
>> Shall we get rid of file permissions because we have RBAC. We could |
15 |
>> but I can't see that happening and for good reason. |
16 |
|
17 |
> file permissions are discrectional, rbac mostly mandatory |
18 |
|
19 |
I have no idea what you are arguing with, you just keep trying to twist |
20 |
what I say because you have a bee in your bonnet about MACs as the |
21 |
answer to everything and a panacea, they aren't but they are useful as I |
22 |
have said. Personally I wouldn't swap an OpenBSD kernel for the Linux |
23 |
one with RBAC on my servers atleast. One day with a risky setup, I |
24 |
might in that instance. I wonder why kernel.org didn't use RBACs, |
25 |
especially RSBAC or even chroot. How embarrassing for such an automated |
26 |
attack to get through. Is bugzilla.kernel.org still down? That wouldn't |
27 |
have happened if they were using OpenBSD. It might be a good idea to use |
28 |
a different kernel to the one they are hosting anyway even with many |
29 |
eyes. And before you think well this is just me clutching at straws with |
30 |
your tunnel vision, it relates exactly to what I was talking about |
31 |
of likelihood of use. |
32 |
|
33 |
>> don't try to compare them. |
34 |
|
35 |
Of course you should and I was saying much of RBACs can be replaced and |
36 |
you use both and it adds to defence in depth. Your notion of replacing |
37 |
DACs? I see good and bad in that. |
38 |
|
39 |
|
40 |
>> It does not restrict root, it erase it. The concept of root doesn't |
41 |
>> exists anymore. |
42 |
|
43 |
What is root, it is the root of the system not just a user. If it |
44 |
didn't exist the kernel wouldn't be able to turn RBAC off now would it. |
45 |
You have been drawn in by the wonderful marketing of imagine a system |
46 |
where root doesn't exist. Would your analogy be the kernel recreates |
47 |
root. If so, fine it makes no difference but is less correct. |
48 |
|
49 |
|
50 |
> I use rsbac because it reachs to B1 security level, level that openbsd |
51 |
> will never reach, it supports even secure_delete, and has some B2 |
52 |
> charateristics as device labels are. |
53 |
|
54 |
|
55 |
And yet your kernel has bugs added every day without much security |
56 |
consideration. What you don't understand is that RBAC is a security |
57 |
layer that the root of the system has control of. What can |
58 |
your /sbin/init do, what can the kernel do? Some rootkits can actually |
59 |
go the other side of the kernel even, far above where RBACs are. |
60 |
|
61 |
Yeah and Cisco's are certified for use by some enterprise manager and |
62 |
yet they have proven full of root exploits. Certified encryptions are |
63 |
often less secure than others. |
64 |
|
65 |
I repeat it ALL depends on the application, even the hardware. You |
66 |
could reduce the Linux kernel right down to protect the RBAC. Which |
67 |
was my original point. |
68 |
|
69 |
Of course then I wonder if the RBAC would actually ever be needed but |
70 |
it's ALL GOOD. |