Date:	Mon, 26 Nov 2007 12:36:09 -0500
From:	Kyle Moffett <mrmacman_g4@....com>
To:	Crispin Cowan <crispin@...spincowan.com>
Cc:	Andrew Morgan <morgan@...nel.org>, casey@...aufler-ca.com,
	Stephen Smalley <sds@...ho.nsa.gov>,
	"Serge E. Hallyn" <serue@...ibm.com>, linux-kernel@...r.kernel.org,
	chrisw@...s-sol.org, darwish.07@...il.com, jmorris@...ei.org,
	method@...icmethod.com, paul.moore@...com,
	LSM List <linux-security-module@...r.kernel.org>
Subject: Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree

On Nov 24, 2007, at 22:36:43, Crispin Cowan wrote:
> Kyle Moffett wrote:
>> Actually, a fully-secured strict-mode SELinux system will have no  
>> unconfined_t processes; none of my test systems have any.   
>> Generally "unconfined_t" is used for situations similar to what  
>> AppArmor was designed for, where the only "interesting" security  
>> is that of the daemon (which is properly labelled) and one or more  
>> of the users are unconfined.
>
> Interesting. In a Targeted Policy, you do your policy  
> administration from unconfined_t. But how do you administer a  
> Strict Policy machine? I can think of 2 ways:

[snip]

> * there is some type that is tighter than unconfined_t but none the
>   less has sufficient privilege to change policy
>
> To me, this would be semantically equivalent to unconfined_t,  
> because any rogue code or user with this type could then fabricate  
> unconfined_t and do what they want

Well, in a strict SELinux system, someone who has been permitted the  
"Security Administrator" role (secadm_r) and who has logged in  
through a "login_t" process may modify and reload the policy.  They  
are also permitted to view all files up to their clearance, write  
files below their level, and relabel files.  On the other hand, they  
do not have any system-administration privileges (those are reserved
for sysadm_r).

Under the default policy the security administrator may disable  
SELinux completely, although that too can be adjusted as "load  
policy" is yet another specialized permission.

Cheers,
Kyle Moffett