lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <09E2BAC3-B26D-41BD-AE7B-51A59BC21CE4@mac.com>
Date:	Tue, 21 Aug 2007 09:16:07 -0400
From:	Kyle Moffett <mrmacman_g4@....com>
To:	Valdis.Kletnieks@...edu
Cc:	casey@...aufler-ca.com, Pavel Machek <pavel@....cz>,
	linux-security-module@...r.kernel.org,
	LKML Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel

On Aug 19, 2007, at 17:12:41, Valdis.Kletnieks@...edu wrote:
> On Sat, 18 Aug 2007 01:29:58 EDT, Kyle Moffett said:
>> If you can show me a security system other than SELinux which is  
>> sufficiently flexible to secure those 2 million lines of code  
>> along with the other 50 million lines of code found in various  
>> pieces of software on my Debian box then I'll go put on my dunce  
>> hat and sit in the corner.
>
> /me hands Kyle a dunce cap. :)
>
> Unfortunately, I have to agree that both AppArmor and Smack have at  
> least the potential of qualifying as "securing the 2M lines of code".
>
> The part that Kyle forgot was what most evals these days call the  
> "protection profile" - What's the threat model, who are you  
> defending against, and just how good a job does it have to do?   
> I'll posit that for a computer that is (a) not networked, (b)  
> doesn't process sensitive information, and (c) has reasonable  
> physical security, a security policy of "return(permitted);" for  
> everything may be quite sufficient.

Well, in this case the "box" I want to secure will eventually be  
running multi-user X on a multi-level-with-IPsec network.  For that  
kind of protection profile, there is presently no substitute for  
SELinux with some X11 patches.  AppArmor certainly doesn't meet the  
confidentiality requirements (no data labelling), and SMACK has no  
way of doing the very tight per-syscall security requirements we have  
to meet.  I didn't make this clear initially but that is the kind of  
system I'm talking about wanting to secure some 50 million lines of  
code on.


> (Of course, I also have boxes where "the SELinux reference policy  
> with all the MCS extensions plus all the LSPP work" is someplace  
> I'm trying to get to).

Well, for some of the systems we distribute, "all the MCS extensions  
plus all the LSPP work" is nowhere near enough security; we need full- 
fledged multi-level-security, role-based-access-control, and specific  
per-daemon MAC restrictions.

Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ