1.0.8-pre3 with MAC categories


From: ao@morpork.shnet.org (A. Ott)
Subject: 1.0.8-pre3 with MAC categories
Date: 21 Feb 1999 13:04:00 +0100


Hello again, RSBAC folks!

I put 1.0.8-pre3 into the pre-dir. The full functionality for 1.0.8  
release should be in it.

MAC categories are limited to 64, as stated before. The empty set (all 0  
vector) is used as inherit value for files and dirs, so category sets are  
inheritable as well as security levels. If you don't like the idea of  
inheritance for empty sets, tell me now or use an unused category as  
workaround later.

The only thing I might still add to AUTH in this release is kernel based  
password management and authorization (sure you can turn it off):
- MD5 password hashing, with a timestamp to avoid comparability
- syscalls for setting, testing of passwords, and password-based process  
capability setting
- A modified login program to use it


RSBAC Changes
-------------
1.0.8: - Port to 2.2.1
       - Added /proc/rsbac-info/backup to provide an easier means of backup
         for not device dependent stuff.
       - Added new Role Compatibility (RC) module.
       - New on-disk binary layout, auto update from all versioned data
         (1.0.5 upwards).
       - AUTH module added to support proper authentication by enforcing
         externally granted CHANGE_OWNER capabilities.
       - Save to disk inconsistency in PM sets fixed.
       - MAC categories added, but limited to a fixed number of 64. Apart
         from that, the MAC module categories are as proposed in the
         Bell-LaPadula model.

I would greatly appreciate comments as well as bug or success reports for  
this version.

Especially the people who asked for MAC compartments/categories should test
them and report - I am not experienced enough in MAC field administration  
to find hidden flaws, and I don't have the time for exhaustive testing.  
This is your chance to get them fixed...

Amon.

--
## CrossPoint v3.11 ##
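
The empty-set-as-inherit rule for category sets described in the message, as an added C sketch (not RSBAC source code and not part of the original post). The type, macro and function names, the walk up the parent directory, and the sample tree are assumptions made for illustration.

```c
/* Added illustration, not RSBAC code. All identifiers are hypothetical. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t cat_set;             /* one bit per category: at most 64 */
#define CAT_INHERIT ((cat_set)0)      /* all-0 vector means "inherit" */
#define CAT(n)      ((cat_set)1 << (n))

struct node {                         /* constructed stand-in for a file or dir */
    const struct node *parent;        /* NULL at the root (assumed layout) */
    cat_set cats;                     /* stored set, possibly CAT_INHERIT */
    int level;                        /* security level, stored directly here */
};

/* Effective set: walk up until a non-empty stored set is found. */
cat_set effective_cats(const struct node *n)
{
    while (n && n->cats == CAT_INHERIT)
        n = n->parent;
    return n ? n->cats : CAT_INHERIT; /* nothing set up to the root: no categories */
}

/* Bell-LaPadula read check: the subject must dominate the object,
 * i.e. level >= object level and category set a superset of the object's. */
int may_read(int s_level, cat_set s_cats, const struct node *o)
{
    cat_set need = effective_cats(o);
    return s_level >= o->level && (s_cats & need) == need;
}

/* Constructed sample tree. */
const struct node n_root    = { NULL,       CAT_INHERIT, 0 };
const struct node n_payroll = { &n_root,    CAT(3),      1 };
const struct node n_report  = { &n_payroll, CAT_INHERIT, 1 }; /* inherits {3} */
/* An empty set cannot be stored explicitly below n_payroll, so the
 * workaround labels the file with an otherwise unused category (63). */
const struct node n_notice  = { &n_payroll, CAT(63),     0 };

int main(void)
{
    printf("report effective cats:   %#llx\n",
           (unsigned long long)effective_cats(&n_report));
    printf("subject {3} reads report:  %d\n", may_read(1, CAT(3), &n_report));
    printf("subject {}  reads notice:  %d\n", may_read(1, 0, &n_notice));
    printf("subject {63} reads notice: %d\n", may_read(1, CAT(63), &n_notice));
    return 0;
}
```

In this model the unused-category workaround is not equivalent to an empty set: a subject has to hold the placeholder category itself before it can read the file.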