Re: Plans with RSBAC


From: Vadim Kogan <vadim@scam.XCF.Berkeley.EDU>
Subject: Re: Plans with RSBAC
Date: Fri, 8 Oct 1999 08:17:22 -0700 (PDT)

Next Article (by Author): patch for 2.3.19 Vadim Kogan
Previous Article (by Author): Re: Plans with RSBAC Vadim Kogan
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC "Paul D. Robertson"
Articles sorted by: [Date] [Author] [Subject]


On 8 Oct 1999, A. Ott wrote:

> Vadim, you need a complete understanding of the current state of ACL when  
> programming the menues, and the menues sometimes need changes in command  
> line tools. So you cannot help me there, but I really need help with  
> testing as soon as I push out a 1.0.9a-pre1 - like with all pre's.

Well, ACL are probably the easiest part of RSBAC for me - I used to be NW
guru before I got to UNIX (heh, at that time I was the youngest CNA in the
world :-))

> 
> The changes aim at some kind of distributed RSBAC in our networked world  
> and will take a lot of time.

Oh that.. Yeah, that'll take forewer, unless somebody will start working
on it now. Right now I'm limited to internal issues (fixing broken
proggies on the way).

BTW, another thing about syscalls (well, at least syslog). We need some
kind of rate-limiting and maybe some other stuff. I realize that it's
beyond models implemented in RSBAC, but this is closely related to
security and just like secure delete, it should bo done somewhere. I'm
gonna look at VINO implementation.


> >
> > role-setting daemon (not 100% sure it's needed though, need to analyze
> > more)
> 
> You are welcome to add one... ;)

Oh, I'll write one if somebody smart will tell me that it's needed for
"blabla" situation. It's just that for now I'm not even sure it's needed
and whether it's a smart idea at all. Non-careful feature can intoduce a
hole.

> Like triple overwrite with patterns? 

Yes, we can say that lots of important data is now on magnetic disks, so
it can be pretty useful. (not that I'll turn it on for anything but
testing :)

Vadim.


-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): patch for 2.3.19 Vadim Kogan
Previous Article (by Author): Re: Plans with RSBAC Vadim Kogan
Top of Thread: Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: Plans with RSBAC "Paul D. Robertson"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.