lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9d732d950706131618t6027f1a3xd840dde9cd7c0337@mail.gmail.com>
Date:	Thu, 14 Jun 2007 08:18:19 +0900
From:	"Toshiharu Harada" <haradats@...il.com>
To:	"James Morris" <jmorris@...ei.org>
Cc:	"Rik van Riel" <riel@...hat.com>,
	"Stephen Smalley" <sds@...ho.nsa.gov>,
	"Toshiharu Harada" <haradats@...data.co.jp>,
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [RFC] TOMOYO Linux

Morris, thank you for your comment.

2007/6/14, James Morris <jmorris@...ei.org>:
> On Thu, 14 Jun 2007, Toshiharu Harada wrote:
>
> > TOMOYO Linux has a mode called "learning"
> > in addition to "permissive" and "enforce". You can easily
> > get the TOMOYO Linux policy with learning mode that
> > SELinux does not have.
>
> Blindly generating security policy through observation of the system is
> potentially dangerous for many reasons.
> See
> <http://securityblog.org/brindle/2006/03/25/security-anti-pattern-status-quo-encapsulation/>
>

When I saw Russell Coker and showed him a demonstration of
TOMOYO Linux, he told the same comment.
Also after tracing an AppAmor's long thread, I'm convinced of the
meaning of label base. That's why I don't think TOMOYO Linux as a
replace of SELinux. "Professional policy (or reference policy)"
makes sense to me.

However it may be safe for audition and profiling purpose.
Policy learning feature of TOMOYO Linux will help
understanding the behavior of Linux boxes.
That is my point.

I will double check the link you showed me. Thank you.
(It's wonderful to receive comments from you and Stephen!)

> Note that while SELinux does also have a similar capability with the
> audit2allow tool, it should be considered an expert tool, the output of
> which needs to be understood before use (as noted in its man page).

Yes. But I remember Frank said "don't use it :-)" when he gave a
presentation in Japan.

> > In addition, access control mode of
> > TOMOYO Linux can be managed for every difference domain.
>
> We have considered per-domain enforcing mode a couple of times in the
> past, but figured that it could be implemented via policy alone (e.g. run
> the task in a domain where all accesses are allowed and logged); and it
> would also be of limited usefulness because of the aforementioned problems
> with learning mode security policy.

I'll reply this part in later.

Thanks!
Toshiharu Harada
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ