From: Jörgen Sigvardsson <jorgen.sigvardsson@kau.se>
Subject: Understanding ACI
Date: Mon, 19 Feb 2001 15:10:16 +0100

This is what I have gathered from various source files so far:

* The ACI manages security attributes for various OS objects (files, IPC
  objects, etc.)
* These attributes can be accessed through the rsbac_{get,set}_attr() functions
* ACI is a collection of databases (lists) for various kinds of OS objects,
  but this is hidden from the user (adf module)
* Each entry in the DB (fd, ipc or whatever) is defined by the structures
  found in aci_data_structures.h
* Each entry is static in size; it may only vary in size depending on version
  (current, old, and oldold :)
* Some entries are persistent (i.e. ACL attributes, for instance), while some
  are not (i.e. process attributes)

What I want to do is:

1) Implement a database of public keys and IDs
2) I want to be able to add new (id, key) tuples dynamically
3) I want to be able to remove (id, key) tuples dynamically
4) I want to be able to perform lookups: id -> key

This information is to be used for verification of signed binaries.

What is my next step? I don't quite see how I can accomplish this using the
ACI module, since there is no rsbac_id_pubkey_aci_t structure. Is there a way
to create my "custom" database in a clean and simple manner? I guess it
would be possible to add an rsbac_id_pubkey_aci_t structure, but that would
make my module tightly coupled to RSBAC, which is no good for any part (a
maintenance nightmare?).

--
Jörgen Sigvardsson, B. Sc.
Lecturer, Computer Science Dept. Karlstad University
Tel: +46-(0)54-700 1786