pre directory


From: ao@morpork.shnet.org (A. Ott)
Subject: pre directory
Date: 23 Dec 1998 13:14:00 +0100

Next Article (by Date): Re: Request for discussion "Paul D. Robertson"
Previous Article (by Date): RSBAC status ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Hi RSBAC folks!

Now there is a directory for pre-releases. If you are interested in  
testing new features and commenting on them before they are official, give  
it a try.

Currently there is 1.0.7a-pre1 in it with alpha arch support (no more  
errors reported so far), better error detection for data structures (be  
careful, if changing number of fd-lists).

The dir is below rsbac home dir, but FTP only. The URL is
ftp://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac/pre

Work is in progress, a temporary focus lies on authentification. There  
will probably be an extra module AUTH, restricting general setuid to progs  
with auth_may_setuid and adding setuid capabilities for processes, based  
on target uid. These capabilities can only be set by progs with  
auth_may_set_cap set. This feature can be used to setup auth daemons, e.g.  
PAM or Kerberos based.

However, these attributes will have to be protected by all decision  
modules, as well as disabling this module must be. Most current modules  
will simply restrict access to security officers, the PM module might  
require a PM ticket.

If this auth restriction works well, the role-protection parts are likely  
to disappear.

Amon.

--
## CrossPoint v3.11 ##
-
To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: Request for discussion "Paul D. Robertson"
Previous Article (by Date): RSBAC status ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.