RSBAC suggestions / Problems


From: "Kaladis" <kaladis@gmx.de>
Subject: RSBAC suggestions / Problems
Date: Tue, 10 Jul 2001 12:11:40 +0200

Next Article (by Subject): Re: RSBAC suggestions / Problems Amon Ott
Previous Article (by Subject): RSBAC promotion Amon Ott
Next in Thread: Re: RSBAC suggestions / Problems Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Dear community,

Having toyed around with RSBAC I came to the conclusion that one of the most
efficient modules is the ACL module.

To improve ACL's further I have got 3 suggestions that are very useful:

A) Pattern Matching
B) IPC ACL inheritance from file
C) ACL > POSIX

In the following I descrive my points with giving aswell scenarios:

A)

Patter matching could also be best described as globbing.

A scenario would be a multi-homed apache webserver with mod_userdir that
reads out home/username/public_html.
In my particular setup I do not want to administrate webpages with root but
with wwwoff. To achieve this I would have to give wwwoff root equivalent
rights for certain areas. People with access to /home/username/public_html
should be wwwoff(rw) username(rw) and httpd(r) - however /home/username
should not be readable by httpd and not rw by wwwoff. Instead of generating
ACL's for every user it would be very interesting to have only one ACL with
pathname of /home/*/public_html minus exceptions

Having just read about a tripwire /tmp race condition I came to the
conclusion that it would also be very nifty for a hotfix beeing able to deny
access to /tmp/twXXXXX (ie. /tmp/tw??????).

B)

I would like to be able to control IPC better so that I can not only select
a Process from the running Processes but also just a normal binary with
extra ACL-entries which are then inherited to all resulting processes and
childs. This could be pretty useful to isolate processes entirely and not
only filesystem-wise. Isn't that a B1 requirement?

C)

It would be also very useful to be able to have ACL's judged higher than the
normal Unix rights. In my particular setup I have home/username/public_html.
As mentioned above I want to administrate it with wwwoff and don't want to
give root the ability to access this. All files in /home/username should be
of course chowned to username.username. At best only rw to username and r to
username(group). That's why creating a rule for the httpd user so that he
can only read files and creating a rule for wwwoff so that he can also
readwrite files is what would make a very secure HTTPD environment possible.


Last but not least I would like to mention some problems in hope that
someone will be able to solve them.

When shutting down my system with kernel 2.4 patched RSBAC pre5 the /
mountpoint is always busy and unmounting fails. I think that it is
mostlikely RSBAC not shutting down properly since a clean 2.4 works.

Some RSBAC configurations also don't want to load up in VMWare. Anyone got a
solution for that?


Regards

- Jörg Lübbert (aka Kaladis)
Core Developer of Kaladix Hyper-Secure Linux (www.maganation.com/~kaladix)

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: RSBAC suggestions / Problems Amon Ott
Previous Article (by Subject): RSBAC promotion Amon Ott
Next in Thread: Re: RSBAC suggestions / Problems Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.