From: don@sabotage.org
Subject: access control projects
Date: Sat, 26 Jun 1999 05:13:45 +0200 (CEST)
Next Article (by Subject): Re: access control projects ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): 1.0.9a-pre4 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: access control projects ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
Recently there has been increased interest in using different access control mechanisms. Capabilities have gotten quite a bit of press lately, and I know that there was once an ACL project. I'm starting a project to implement Domain and Type enforcement. It occurs to me that with so many projects working in essentially the same area of the kernel it would be a good idea to have a site to collaborate, and also explain the differences in access control systems to interested parties. I know that the RSBAC project in my opinion is the furthest along, so I would like to solicit your cooperation. Additionally, since you're already familiar with the operation of some important pieces of the linux kernel (the workings of the open() call, for example) I would appreciate if you'd be willing to share your knowledge to help with the project I'm working on, Domain and Type Enforcement. It works by grouping subjects into domains, objects into types, and assigning access rights from domains to types and also domains to domains. The access permissions are not visible to the programs, but are enforced subtancially as a mandatory control with a few qualifications. The server I'll be using is already set up and I'll be ready to announce it soon as a configurable access control effort. I just wanted to get other people's take on this, especially from a project as far along as RSBAC. I think by working together though we'll have a better change of getting common interfaces or changes accepted, such as getting changes made in the inode structure. I'm already on the RSBAC mailing list so there's no need to cc me. Don - To unsubscribe from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: access control projects ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): 1.0.9a-pre4 ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: access control projects ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]