From: ao@morpork.shnet.org (A. Ott)
Subject: Request for discussion
Date: 14 Nov 1998 12:36:00 +0100
Next Article (by Subject): Re: Request for discussion "Paul D. Robertson"
Previous Article (by Subject): Problems with 1.0.5 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Request for discussion "Paul D. Robertson"
Articles sorted by: [Date]
[Author]
[Subject]
Hi RSBAC folks!
For RSBAC 1.0.6 (or later) I would like to discuss a few ideas I had:
Already implemented:
- Module File Flags allows to set some flags for files and dirs. Currently
there are 3:
- execute only (files): Only execute requests are allowed
- read only (files and dirs): All write/change requests are denied
- search only (dirs): Only name lookups in the kernel are allowed, so
all file/subdir accesses must include the path, no ls etc. is granted
What other flags would you be interested in?
- RSBAC logging can be done via own RSBAC routines (printk/sys_syslog
clone) with restricted access. Old style logging via standard syslog can
be turned off.
Problem: We need a patched klogd to read the log and write it somewhere
else. How can this be provided for all RSBAC systems?
- ACI version update: If the previous ACI version is detected, it is
upconverted. Do we need several steps, increasing kernel size (and
work), or only support for the previous official release?
Future ideas:
- Inheritance of attributes: Files and subdirs can inherit attribute
values from their parent dirs, groups of users might be added. I thought
about a special attribute value 'inherit' used as standard value for all
attributes that should be inherited.
Problem: Support for inheritance would mean some major changes in the
file/dir representation in the request and set_attr calls to the
decision (ADF) and in the get/set_attr calls to the data structures
component, meaning lots of work.
Is it worth it? I think yes.
- Access Control Lists (ACL): Quite easily a new module for this could be
added, giving individual user rights based on request type to objects. A
special user RSBAC_ALL_USER already exists and could be used for general
access. A special right would be to extend own rights to others.
Administration could be done in Netware style, and if no access entry
for a requesting user is present at this object, it could be inherited
from the parent object or from a group (see above). Security officers
could play the admin role, e.g. if no entry has been defined so far.
How do you think about it? Is there any need to include this?
- A simple transaction type could be added, copying a file on write-open
and replacing the file on close. This would mean a major change in linux
functions though.
Useful? Needed?
Hope to get some feedback,
Amon.
--
## CrossPoint v3.11 ##
-
To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.
Next Article (by Subject): Re: Request for discussion "Paul D. Robertson"
Previous Article (by Subject): Problems with 1.0.5 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Request for discussion "Paul D. Robertson"
Articles sorted by: [Date]
[Author]
[Subject]