Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: Pavel Machek (pavel@suse.cz)
Date: Wed Jun 14 2000 - 16:52:13 EST


Hi!

> > Just as programming languages can not prevent bugs, security
> > systems can not prevent complete administrative abuse.
> > Not even MAC can prevent this kind of error... if an install
> > program asks you to grant it MAC override, do you do so?
>
> If MAC override is in some piece of junk like elfcap then I have no audit
> control to determine if it is there.

Why? You have a tool that parses ELF headers and tells you if the elfcap
header is active. Was that your concern? It takes a "lot of time"
to get the elfcap header, but it can be done.

> > Oh bullshit. You've not proven any of that. I can well imagine
> > that one might think elfcap is ugly, but it gets the job done.
> > It is just horrible to require exotic filesystem features and
> > exotic backup tools when they shouldn't be needed at all.
>
> It is only reasonable as a prototype, not production.

Why not? It works. It is slow when doing lscap, and ugly; otherwise it
has no disadvantages.

> > It is about time that you admit elfcap gets the job done.
>
> Again, it is only reasonable as a prototype. It is not reliable, nor
> fully enforceable as it stands. It is no better than setuid, and it
> diffuses the ability to audit setuid since the actual privileges are
> not apparent. That makes it difficult/impossible to have a verifiable
> audit.

It is not impossible. lscap is complicated, but possible (and already
done). "Actual privileges" can be read from inside the file; that's
slow, but as long as the algorithm for determining the elfcap header is
the same in the kernel and in lscap, it is okay.

                                                                Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discuss@linmodems.org

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
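
An added example, not part of the original message and not the real elfcap or lscap code: a sketch of the kind of audit tool the thread argues about, one that reads a file's granted privileges out of its ELF section headers. The section name `.elfcap`, the 4-byte bitmask payload, and the helper `build_sample` are assumptions made for illustration; the thread does not give the actual on-disk layout.

```python
import struct

CAP_SECTION = b".elfcap"   # hypothetical section name (assumption, not from the thread)
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 7: "CAP_SETUID",
             10: "CAP_NET_BIND_SERVICE"}   # subset of Linux capability numbers

def lscap(data):
    """Return None if the image has no capability section, else the sorted
    capability names. Malformed or ambiguous images raise ValueError so the
    audit never reports "no privileges" for a file it could not parse."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    shoff, = struct.unpack_from("<Q", data, 0x28)
    entsize, shnum, strndx = struct.unpack_from("<HHH", data, 0x3A)
    if entsize < 64 or strndx >= shnum or shoff + shnum * entsize > len(data):
        raise ValueError("section header table out of bounds")
    hdrs = [struct.unpack_from("<IIQQQQ", data, shoff + i * entsize)
            for i in range(shnum)]   # name, type, flags, addr, offset, size
    def payload(h):
        if h[4] + h[5] > len(data):
            raise ValueError("section data out of bounds")
        return data[h[4]:h[4] + h[5]]
    strtab = payload(hdrs[strndx])
    hits = []
    for h in hdrs:
        end = strtab.find(b"\0", h[0])
        if h[0] < len(strtab) and end != -1 and strtab[h[0]:end] == CAP_SECTION:
            hits.append(payload(h))
    if not hits:
        return None
    if len(hits) > 1 or len(hits[0]) != 4:   # a second copy could disagree with the loader
        raise ValueError("ambiguous or malformed capability section")
    mask, = struct.unpack("<I", hits[0])
    return sorted(CAP_NAMES.get(b, "cap#%d" % b) for b in range(32) if mask >> b & 1)

def build_sample(cap_payload=None):
    """Constructed minimal ELF64 image (sample input), optionally with CAP_SECTION."""
    names = b"\0.shstrtab\0" + (CAP_SECTION + b"\0" if cap_payload is not None else b"")
    body = names + (cap_payload or b"")
    sh = [(0, 0, 0, 0), (1, 3, 64, len(names))]   # name offset, type, offset, size
    if cap_payload is not None:
        sh.append((11, 1, 64 + len(names), len(cap_payload)))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, len(sh), 1)
    return ehdr + body + b"".join(
        struct.pack("<IIQQQQIIQQ", n, t, 0, 0, o, s, 0, 0, 1, 0) for n, t, o, s in sh)
```

The strict error paths matter for the audit argument: the tool and the loader must agree on which bytes count as the capability header, so anything the tool cannot parse unambiguously is reported as an error rather than as an unprivileged file.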