Re: soft mode (was: rsbac-v1.1.1-pre4 uploaded)


From: Amon Ott <ao@rsbac.org>
Subject: Re: soft mode (was: rsbac-v1.1.1-pre4 uploaded)
Date: Mon, 26 Feb 2001 09:45:26 +0100

Next Article (by Subject): soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded) Peter Busser
Previous Article (by Subject): RE: SMP kernel. "hollace leon"
Articles sorted by: [Date] [Author] [Subject]


On Mon, 26 Feb 2001 Jörgen Sigvardsson wrote:
> On Monday 26 February 2001 06:56, Stanislav Ievlev wrote:
> > Interesting Idea! Many Security Management Systems has "soft" mode. It very
> > usefull to correct restrictions.
> >
> > Amon. What about some option in /proc? (like
> > /proc/sys/net/ipv4/ip_forward). 
> 
> in rsbac_adf_request()
> result = rsbac_adf_request_int(...);
> if(soft_mode)
> 	result = DO_NOT_CARE; /* (or GRANTED perhaps?) */
> 
> should probably do the trick..?

Yes, that is one place. We need a clean way to get it included without
security problems. Maybe:

- Compile time option 'support soft mode'
- A kernel parameter rsbac_soft_mode to switch it on before boot
- A setting in /proc/rsbac-info/debug
- As soft mode effectively switches off access control, we will have to run a
SWITCH_MODULE request, e.g. with switch target SW_NONE, through all modules
before the setting is done
- This can also be integrated into sys_rsbac_switch()
    
> BTW, RSBAC was mentioned on slashdot the other day with an URL to 
> rsbac.org on the front page. Did the web server need CPR afterwards? ;)

Well, you might know that rsbac.org is just a virtual server on a real big
machine with a lot of bandwidth... Still, there was a significant number of
additional requests :)

Amon.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded) Peter Busser
Previous Article (by Subject): RE: SMP kernel. "hollace leon"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.