Re: soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded)


From: Jörgen Sigvardsson <jorgen.sigvardsson@kau.se>
Subject: Re: soft mode and v1.1.1-pre4 problem (was: Re: rsbac-v1.1.1-pre4 uploaded)
Date: Tue, 27 Feb 2001 15:40:49 +0100

On Tuesday 27 February 2001 15:13, Peter Busser wrote:
> Well, in that case it would be nice when this would be (also) a kernel
> compile option. It's ok if it is access controlled, but when the
> functionality is not there, it cannot be activated by accident. 
proc-entries are dynamic. In fact when you do a directory listing inside 
/proc, the kernel generates information for ls so that it is presentable in a 
file system manner. If the functionality is not there, then the proc-entry 
was not registered with the proc-fs, and will therefore not show up in a 
directory listing (nor will it be open()'able).

> This soft
> mode is mostly useful in development environments, not in production
> environments.
>
> I didn't know /proc entries could be access controlled, how does one do
> that?
The feature itself can be treated as an SCD-attribute. The proc-entry is just 
a means to modify it. Other means can be a system call. If the attribute is to
be modified then one should make sure that the uid of the modifying process 
is secoff.

The security officer should however not do this on a live system. If there is 
a need for it anyway, then the system should probably be brought to single 
user mode (to be on the really safe side; remove all networking cables, all 
serial cables, usb cables - power, monitor, keyboard ought to be enough. And
oh yeah, lock the door as well ;-).

--
Jörgen Sigvardsson, B. Sc.
Lecturer, Computer Science Dept. Karlstad University
Tel: +46-(0)54-700 1786