You are actually talking about using compartmented mode operation and
mandatory access controls. I do believe that more complete capability
list support will be usefull. Tracking and configuration of capability lists
has been brought up several times without final resolution, since all
implementations seem to need modifications to the filesystem for support.
Some suggestions that came up:
1. modify the binary header to contain the capabilities of the binary.
problem: anyone that can create a binary would be able to set the
capability list of that binary. How is this prevented.
2. only inherit capabilities from a parent process.
problem: how are the capabilities initially set? how can a non-
privilege process (say a user shell) run a privileged
application (say passwd)?
Other topics that came up:
1. what is a suitable list of capabilities?
2. What granularity is supported by the capabilities?
3. Can site defined capabilities be defined?
4. (related to 3) Can application specific capabilities be defined?
See the RSBAC project at http://www.rsbac.de/rsbac/
for an implementation of MAC controls, including compartmented operation.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil
Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jan 07 2000 - 21:00:06 EST