| 1 |
On Sze, Február 13, 2008 13:08, Geoff Kassel wrote: |
| 2 |
> |
| 3 |
> I like the idea of the SELinux per-application policies. I've never used |
| 4 |
> them |
| 5 |
> or SELinux, though, so I don't know how effective or simple they are to |
| 6 |
> use |
| 7 |
> IRL. Anyone else care to comment on this? |
| 8 |
|
| 9 |
Chris PeBenito is the person who probably have the most detailed knowledge |
| 10 |
of SELinux here. I think it's more complex to develop a policy for an |
| 11 |
application using SELinux, but a well designed framework provides |
| 12 |
guidance. Targeted mode offers a chance to create a balance between |
| 13 |
security and usability giving the chance for the everyday user to make use |
| 14 |
of the technique without having to spend time on the policy or facing with |
| 15 |
failing applications. |
| 16 |
|
| 17 |
> |
| 18 |
>> I think many of us could contribute to the |
| 19 |
>> policy. The hardest task would be to agree on the differences regarding |
| 20 |
>> the security requirements. But that could be made configurable also. |
| 21 |
>> Configuration intelligence could investigate the contents of the conf |
| 22 |
>> directory to tailor the policy to the specific settings... |
| 23 |
> |
| 24 |
> Hmm... configuration-wise, I'm envisioning a directory tree under |
| 25 |
> /etc/grsec |
| 26 |
> with per-user and per-application branches (because detailed grsec policy |
| 27 |
> files get very big very quickly), so that differences or changes in |
| 28 |
> requirements can be managed easily via comparing differences between flat |
| 29 |
> files. |
| 30 |
|
| 31 |
We could have something similar to SELinux here. I mean: a policy |
| 32 |
structure in directories, which could be used to generate the final policy |
| 33 |
file. That would keep the effort in userland. |
| 34 |
|
| 35 |
> |
| 36 |
>> I have to regularly revise my policy to keep the box running. I've also |
| 37 |
>> ended up loosening the security in order to make the system usable. |
| 38 |
> |
| 39 |
> As much maligned as Vista's UAC system is, I feel there's one positive |
| 40 |
> thing |
| 41 |
> about it - it's handy to have a mechanism to notify the user about |
| 42 |
> potential |
| 43 |
|
| 44 |
Udev-event based mechanism for eg. |
| 45 |
|
| 46 |
> |
| 47 |
> How about a user-configurable UI (something that could be run on a bare |
| 48 |
> TTY, |
| 49 |
> like, say, tty11, or on any other command line, for that matter) for the |
| 50 |
> management system - secured from physical intrusion by sudo-style logins |
| 51 |
> for |
| 52 |
|
| 53 |
RSBAC have console type graphical UI for config editing. |
| 54 |
I really like the idea of having a separate security officer in RSBAC as |
| 55 |
well as the separate authentication system for grsecurity. It's a second |
| 56 |
line defense mechanism makes it harder to bypass. But it also makes harder |
| 57 |
to an everyday user to easily tamper with the security policy. I think |
| 58 |
this second line should be kept. |
| 59 |
|
| 60 |
< snip > |
| 61 |
> |
| 62 |
> Evasive procedures would have to be controlled and managed centrally by an |
| 63 |
> administrator, of course, as the whole system could be compromised if the |
| 64 |
> wrong decision is made by a user. But everything else could end up in a |
| 65 |
> file |
| 66 |
> stored for each user - say in ~/.grsec - which would be referenced by any |
| 67 |
> (G)UI access control management clients. |
| 68 |
|
| 69 |
That's way to much for me for now... |
| 70 |
|
| 71 |
Regards, |
| 72 |
Dw. |
| 73 |
|
| 74 |
|
| 75 |
-- |
| 76 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
| 77 |
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
| 78 |
|
| 79 |
-- |
| 80 |
gentoo-hardened@l.g.o mailing list |
Archives