Re: secure computing for 2.6.7

From: Stephen Smalley
Date: Mon Aug 09 2004 - 07:37:46 EST


On Sat, 2004-08-07 at 19:20, Hans Reiser wrote:
> Where do you store the access rules? With the executable? How do you
> automate their determination?

Executables, like other files, are assigned security types (security
equivalence classes for objects) stored as extended attributes. Policy
rules based on security domains (security equivalence classes for
processes) and security types are defined in a separate security policy
configuration that is compiled into an internal form by a policy
compiler and loaded into the kernel by early userspace (presently by a
modified /sbin/init). With regard to automating their determination,
SELinux has some rudimentary features for collecting audit data
(optionally in a permissive mode where access denials are merely logged,
not denied) and generating policy rules from such audit data, and there
is work underway to develop better tools for policy generation,
including back ends for analysis of generated policy rules against
security objectives. You have to be rather careful about such automated
generation, as many programs and library functions probe for access that
is not truly needed for their operation and some code actually varies
its behavior based on such probes (e.g. falling back to a less
privileged mode of operation if the probe fails).

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
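
Added example (not part of the original message and not SELinux's own tooling): turning logged AVC denials into candidate allow rules, keeping per-permission counts so a reviewer can question one-off probes before accepting a rule. The log lines are constructed and the `exampled_t` domain and `/usr/sbin/exampled` path are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of SELinux AVC denial messages.
SAMPLE_LOG = """\
audit(1092051466.101:0): avc:  denied  { read } for  pid=812 exe=/usr/sbin/exampled name=example.conf dev=hda1 ino=4211 scontext=system_u:system_r:exampled_t tcontext=system_u:object_r:etc_t tclass=file
audit(1092051466.207:0): avc:  denied  { read getattr } for  pid=812 exe=/usr/sbin/exampled name=example.conf dev=hda1 ino=4211 scontext=system_u:system_r:exampled_t tcontext=system_u:object_r:etc_t tclass=file
audit(1092051467.019:0): avc:  denied  { read } for  pid=812 exe=/usr/sbin/exampled name=shadow dev=hda1 ino=977 scontext=system_u:system_r:exampled_t tcontext=system_u:object_r:shadow_t tclass=file
kernel: unrelated message that must be ignored
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """A security context is user:role:type; return the type field."""
    return context.split(":")[2]

def candidate_rules(log_text):
    """Map (domain, type, class) -> {permission: times denied}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        for perm in m["perms"].split():
            seen[key][perm] += 1
    return {k: dict(v) for k, v in seen.items()}

def render(rules):
    """Emit each candidate rule with its evidence as a comment for review."""
    out = []
    for (dom, typ, cls), perms in sorted(rules.items()):
        evidence = ", ".join(f"{p} x{n}" for p, n in sorted(perms.items()))
        out.append(f"# denied: {evidence}")
        out.append(f"allow {dom} {typ}:{cls} {{ {' '.join(sorted(perms))} }};")
    return out

if __name__ == "__main__":
    print("\n".join(render(candidate_rules(SAMPLE_LOG))))
```

The single `shadow_t` denial in the sample is the kind of candidate the message warns about: it may be a probe the program does not need, so it should be reviewed rather than allowed automatically.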
