| 1 |
On Tue, 13 Dec 2011 22:20:00 +0100 |
| 2 |
Javier Juan Martínez Cabezón wrote: |
| 3 |
|
| 4 |
> Give me an example of direct attack via memory as you say, accessible |
| 5 |
> devices and anything else said you before. |
| 6 |
|
| 7 |
I suggest you do some more reading at grsecurity.net or even the |
| 8 |
OpenBSD mailing list. I haven't got time to hunt down the two references |
| 9 |
that stick in my mind but keep your ears open and you may realise one |
| 10 |
of the kernel exploits could/can/will do just that. Do you really |
| 11 |
believe it's impossible??!! |
| 12 |
|
| 13 |
|
| 14 |
>> Shall we get rid of file permissions because we have RBAC. We could |
| 15 |
>> but I can't see that happening and for good reason. |
| 16 |
|
| 17 |
> file permissions are discrectional, rbac mostly mandatory |
| 18 |
|
| 19 |
I have no idea what you are arguing with, you just keep trying to twist |
| 20 |
what I say because you have a bee in your bonnet about MACs as the |
| 21 |
answer to everything and a panacea, they aren't but they are useful as I |
| 22 |
have said. Personally I wouldn't swap an OpenBSD kernel for the Linux |
| 23 |
one with RBAC on my servers atleast. One day with a risky setup, I |
| 24 |
might in that instance. I wonder why kernel.org didn't use RBACs, |
| 25 |
especially RSBAC or even chroot. How embarrassing for such an automated |
| 26 |
attack to get through. Is bugzilla.kernel.org still down? That wouldn't |
| 27 |
have happened if they were using OpenBSD. It might be a good idea to use |
| 28 |
a different kernel to the one they are hosting anyway even with many |
| 29 |
eyes. And before you think well this is just me clutching at straws with |
| 30 |
your tunnel vision, it relates exactly to what I was talking about |
| 31 |
of likelihood of use. |
| 32 |
|
| 33 |
>> don't try to compare them. |
| 34 |
|
| 35 |
Of course you should and I was saying much of RBACs can be replaced and |
| 36 |
you use both and it adds to defence in depth. Your notion of replacing |
| 37 |
DACs? I see good and bad in that. |
| 38 |
|
| 39 |
|
| 40 |
>> It does not restrict root, it erase it. The concept of root doesn't |
| 41 |
>> exists anymore. |
| 42 |
|
| 43 |
What is root, it is the root of the system not just a user. If it |
| 44 |
didn't exist the kernel wouldn't be able to turn RBAC off now would it. |
| 45 |
You have been drawn in by the wonderful marketing of imagine a system |
| 46 |
where root doesn't exist. Would your analogy be the kernel recreates |
| 47 |
root. If so, fine it makes no difference but is less correct. |
| 48 |
|
| 49 |
|
| 50 |
> I use rsbac because it reachs to B1 security level, level that openbsd |
| 51 |
> will never reach, it supports even secure_delete, and has some B2 |
| 52 |
> charateristics as device labels are. |
| 53 |
|
| 54 |
|
| 55 |
And yet your kernel has bugs added every day without much security |
| 56 |
consideration. What you don't understand is that RBAC is a security |
| 57 |
layer that the root of the system has control of. What can |
| 58 |
your /sbin/init do, what can the kernel do? Some rootkits can actually |
| 59 |
go the other side of the kernel even, far above where RBACs are. |
| 60 |
|
| 61 |
Yeah and Cisco's are certified for use by some enterprise manager and |
| 62 |
yet they have proven full of root exploits. Certified encryptions are |
| 63 |
often less secure than others. |
| 64 |
|
| 65 |
I repeat it ALL depends on the application, even the hardware. You |
| 66 |
could reduce the Linux kernel right down to protect the RBAC. Which |
| 67 |
was my original point. |
| 68 |
|
| 69 |
Of course then I wonder if the RBAC would actually ever be needed but |
| 70 |
it's ALL GOOD. |
Archives