1 |
On Sze, Február 13, 2008 13:08, Geoff Kassel wrote: |
2 |
> |
3 |
> I like the idea of the SELinux per-application policies. I've never used |
4 |
> them |
5 |
> or SELinux, though, so I don't know how effective or simple they are to |
6 |
> use |
7 |
> IRL. Anyone else care to comment on this? |
8 |
|
9 |
Chris PeBenito is the person who probably have the most detailed knowledge |
10 |
of SELinux here. I think it's more complex to develop a policy for an |
11 |
application using SELinux, but a well designed framework provides |
12 |
guidance. Targeted mode offers a chance to create a balance between |
13 |
security and usability giving the chance for the everyday user to make use |
14 |
of the technique without having to spend time on the policy or facing with |
15 |
failing applications. |
16 |
|
17 |
> |
18 |
>> I think many of us could contribute to the |
19 |
>> policy. The hardest task would be to agree on the differences regarding |
20 |
>> the security requirements. But that could be made configurable also. |
21 |
>> Configuration intelligence could investigate the contents of the conf |
22 |
>> directory to tailor the policy to the specific settings... |
23 |
> |
24 |
> Hmm... configuration-wise, I'm envisioning a directory tree under |
25 |
> /etc/grsec |
26 |
> with per-user and per-application branches (because detailed grsec policy |
27 |
> files get very big very quickly), so that differences or changes in |
28 |
> requirements can be managed easily via comparing differences between flat |
29 |
> files. |
30 |
|
31 |
We could have something similar to SELinux here. I mean: a policy |
32 |
structure in directories, which could be used to generate the final policy |
33 |
file. That would keep the effort in userland. |
34 |
|
35 |
> |
36 |
>> I have to regularly revise my policy to keep the box running. I've also |
37 |
>> ended up loosening the security in order to make the system usable. |
38 |
> |
39 |
> As much maligned as Vista's UAC system is, I feel there's one positive |
40 |
> thing |
41 |
> about it - it's handy to have a mechanism to notify the user about |
42 |
> potential |
43 |
|
44 |
Udev-event based mechanism for eg. |
45 |
|
46 |
> |
47 |
> How about a user-configurable UI (something that could be run on a bare |
48 |
> TTY, |
49 |
> like, say, tty11, or on any other command line, for that matter) for the |
50 |
> management system - secured from physical intrusion by sudo-style logins |
51 |
> for |
52 |
|
53 |
RSBAC have console type graphical UI for config editing. |
54 |
I really like the idea of having a separate security officer in RSBAC as |
55 |
well as the separate authentication system for grsecurity. It's a second |
56 |
line defense mechanism makes it harder to bypass. But it also makes harder |
57 |
to an everyday user to easily tamper with the security policy. I think |
58 |
this second line should be kept. |
59 |
|
60 |
< snip > |
61 |
> |
62 |
> Evasive procedures would have to be controlled and managed centrally by an |
63 |
> administrator, of course, as the whole system could be compromised if the |
64 |
> wrong decision is made by a user. But everything else could end up in a |
65 |
> file |
66 |
> stored for each user - say in ~/.grsec - which would be referenced by any |
67 |
> (G)UI access control management clients. |
68 |
|
69 |
That's way to much for me for now... |
70 |
|
71 |
Regards, |
72 |
Dw. |
73 |
|
74 |
|
75 |
-- |
76 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
77 |
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
78 |
|
79 |
-- |
80 |
gentoo-hardened@l.g.o mailing list |