Planning v1.2.0 - update2

From: Amon Ott <ao@rsbac.org>
Subject: Planning v1.2.0 - update2
Date: Wed, 1 Aug 2001 10:15:21 +0200

Next Article (by Author): Re: Remove config options Amon Ott
Previous Article (by Author): Re: Roles question Amon Ott
Next in Thread: RE: Planning v1.2.0 - update2 "Kaladis"
Articles sorted by: [Date] [Author] [Subject]

Hi folks!

1.1.2 is meant as the last 1.1.x version to come out. If 1.1.3 comes, it will
not bring major functional changes, but rather important bugfixes.

The new 1.2.0 tree has just been forked on my disk from 1.1.2-pre9 with some
small changes. Sure all bugfixes for pre9 will be merged in.

For 1.2.0, there are currently planned:

- Move most lists to generic lists, possibly splitting them up for
different models. This will break on-disk compatibility and auto-update, but a
backup-restore will work, because syscall interfaces will not change.

- Optimize generic lists

- Real network access control as descibed in previous mails, with
socket-template and socket objects

- PM module overhaul, PM administration menues

- (maybe) Optional filesystem object redirection support, e.g. to provide
separate /tmp dirs for all users. There might be a separate module just doing
redirection. There are many problems involved with this.

- (maybe) Optional selective (per fs object with inheritance) disabling of Linux
DAC

- Port to Linux Security Module (LSM) generic kernel interception
interface, likely to be included into 2.5 kernel series.

- (maybe) RC roles time limits

- RSBAC ACL support in Samba

- (maybe) PLT buffer overflow protection

- Automatic 'learning mode' to generate ACL setup for a program with user/role
from the log. Maybe some basic stuff for RC, too.

Please comment and add your own wishlist to be discussed.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Go to Compuniverse LWGate Home Page.