Message-ID: <9d732d950708251546t6a441c4pd3ce78c46ce27617@mail.gmail.com>
Date:	Sun, 26 Aug 2007 07:46:37 +0900
From:	"Toshiharu Harada" <haradats@...il.com>
To:	"Pavel Machek" <pavel@....cz>
Cc:	"Kentaro Takeda" <k.takeda26@...il.com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, chrisw@...s-sol.org
Subject: Re: [TOMOYO 14/15] Conditional permission support.

Hi,

2007/8/25, Pavel Machek <pavel@....cz>:
> Hi!
>
> > This patch allows administrators to use conditional permissions.
> > TOMOYO Linux supports conditional permissions based on the
> > process's UID, GID, etc. and/or the requested pathname's UID/GID.
> >
> > Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>
> > + * Since the trailing spaces are removed by tmy_normalize_line(),
> > + * the last "\040if\040" sequence corresponds to condition part.
> > + */
> > +char *tmy_find_condition_part(char *data)
> > +{
> > +     char *cp = strstr(data, " if ");
> > +     if (cp) {
> > +             char *cp2;
> > +             while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> > +                     cp = cp2;
> > +             *cp++ = '\0';
> > +     }
> > +     return cp;
> > +}
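Review bot: the header comment for tmy_find_condition_part() should state that the function modifies its argument in place: `*cp++ = '\0';` truncates `data` at the last " if " and the returned pointer addresses the tail of that same buffer, so a caller must not pass a string it still needs intact or a read-only string. Documenting this beside the existing note about tmy_normalize_line() would also make explicit that a NULL return means "no condition part" while `data` is left unchanged in that case only.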
> ...
>
> > +     unsigned long left_min = 0;
> > +     unsigned long left_max = 0;
> > +     unsigned long right_min = 0;
> > +     unsigned long right_max = 0;
> > +     if (strncmp(condition, "if ", 3))
> > +             return NULL;
> > +     condition += 3;
> > +     start = condition;
> > +     while (*condition) {
> > +             if (*condition == ' ')
> > +                     condition++;
> > +             for (left = 0; left < MAX_KEYWORD; left++) {
> > +                     if (strncmp(condition, cc_keyword[left].keyword,
> > +                                 cc_keyword[left].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[left].keyword_len;
> > +                     break;
> > +             }
> > +             if (left == MAX_KEYWORD) {
> > +                     if (!tmy_parse_ulong(&left_min, &condition))
> > +                             goto out;
> > +                     counter++; /* body */
> > +                     if (*condition != '-')
> > +                             goto not_range1;
> > +                     condition++;
> > +                     if (!tmy_parse_ulong(&left_max, &condition)
> > +                         || left_min > left_max)
> > +                             goto out;
> > +                     counter++; /* body */
> > +not_range1: ;
> > +             }
> > +             if (strncmp(condition, "!=", 2) == 0)
> > +                     condition += 2;
> > +             else if (*condition == '=')
> > +                     condition++;
> > +             else
> > +                     goto out;
> > +             counter++; /* header */
> > +             for (right = 0; right < MAX_KEYWORD; right++) {
> > +                     if (strncmp(condition, cc_keyword[right].keyword,
> > +                                 cc_keyword[right].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[right].keyword_len;
> > +                     break;
> > +             }
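Review bot: keyword matching in both the `for (left ...)` and `for (right ...)` loops is a plain prefix test (`strncmp(condition, cc_keyword[x].keyword, cc_keyword[x].keyword_len)`) with no check that the match ends at an operator or space, so a keyword that is a prefix of a longer entry in cc_keyword[] wins whenever it is listed first, and the rest of the longer keyword is then read as an operator and rejected at `goto out`. Either order cc_keyword[] longest-first and document that requirement, or verify that the character after the match is '=', '!' or ' '. Also, `if (*condition == ' ') condition++;` skips at most one space; if tmy_normalize_line() guarantees single spaces between tokens, a comment saying so would make that intent clear.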
>
> What is that? Language parser in kernel?
>
>                                                         Pavel

The key idea of TOMOYO Linux is to let each process remember the program
(path) name. Names are stored in the task struct and "appended" to the list when
execve is called.

An example of /usr/lib/cups/backend/lpd.
(picked up from
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/centos4.4/domain_policy.txt?v=policy-sample)

/etc/rc.d/init.d/cups (fork&exec)
 /sbin/initlog (fork&exec)
   /usr/sbin/cupsd (fork&exec)
     /bin/bash (fork&exec)
       /usr/lib/cups/backend/lpd (current process)

SELinux and other DTE implementations need domain definitions to work.
It is the administrator's task to design domains and name each domain.
TOMOYO Linux can be used as DTE MAC, but administrators don't
have to define and name domains, because TOMOYO Linux
automatically defines domains and names them (from booting to
shutdown).

I wrote "TOMOYO Linux can be used as MAC", because
users can just view the domain transitions and analyze systems
with TOMOYO Linux. Or they can use TOMOYO Linux to
get logs with process invocation histories instead of a simple
program name.

TOMOYO Linux policy consists of path names and they are currently
handled as strings.

Thanks.

--
Toshiharu Harada
NTT DATA CORPORATION
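As an added illustration of the domain naming described in the mail (a constructed model, not TOMOYO's kernel code), the following Python replays a fork/execve trace for the lpd chain above and shows that a permission lookup is keyed by the full invocation history rather than by the program name alone; the "<kernel>" root domain name, the event format and the policy table are assumptions.

```python
from dataclasses import dataclass

KERNEL_DOMAIN = "<kernel>"  # assumed name of the root domain

@dataclass
class Task:
    pid: int
    domain: str = KERNEL_DOMAIN  # stands in for the name kept in task_struct

def fork(parent, child_pid):
    """fork() copies the parent's domain name; no transition happens."""
    return Task(child_pid, parent.domain)

def execve(task, path):
    """execve() appends the program path: the automatic domain transition."""
    task.domain = f"{task.domain} {path}"
    return task.domain

def invocation_history(domain):
    """Recover the chain of exec'd programs from a domain name."""
    return domain.split(" ")[1:]

def may_exec(policy, domain, path):
    """Look up by whole domain name: the same program gets different rights depending on how it was reached."""
    return path in policy.get(domain, set())

def replay(events):
    """Replay constructed (pid, op, arg) events; return {pid: domain}."""
    tasks = {0: Task(0)}
    for pid, op, arg in events:
        if op == "fork":
            tasks[arg] = fork(tasks[pid], arg)
        elif op == "execve":
            execve(tasks[pid], arg)
    return {pid: t.domain for pid, t in tasks.items()}

# Constructed event trace reproducing the lpd chain shown in the mail.
SAMPLE_EVENTS = [
    (0, "fork", 100), (100, "execve", "/etc/rc.d/init.d/cups"),
    (100, "fork", 101), (101, "execve", "/sbin/initlog"),
    (101, "fork", 102), (102, "execve", "/usr/sbin/cupsd"),
    (102, "fork", 103), (103, "execve", "/bin/bash"),
    (103, "fork", 104), (104, "execve", "/usr/lib/cups/backend/lpd"),
]

SAMPLE_POLICY = {  # constructed: only the bash reached via cupsd may start lpd
    "<kernel> /etc/rc.d/init.d/cups /sbin/initlog /usr/sbin/cupsd /bin/bash": {"/usr/lib/cups/backend/lpd"},
}
```

A bash started from some other parent chain ends up in a different domain and therefore gets no rule from this table, which is the distinction a plain program-name log cannot make.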