Re: general questions


From: Amon Ott <ao@rsbac.org>
Subject: Re: general questions
Date: Wed, 15 Aug 2001 12:51:57 +0200



On Wed, 15 Aug 2001 Justus Pendleton wrote:
> I downloaded the patch for 2.4.7 and ran make menuconfig but there
> was nothing to configure...is something wrong with the current patch?

You untarred the RSBAC kernel part archive into the kernel source, I suppose?

> When will a 2.4.8 patch be out?

I am currently working on 2.4.8. Unfortunately, there have been some changes in
the kernel internals (again) regarding superblock locking, which require a lot
of changes in RSBAC. There might not be a 2.4.8 patch for RSBAC 1.1.1, since
1.1.2 will come out really soon.

> I looked over the documentation and played around with the rsbac-admin
> tools a little bit but couldn't find an answer to my next question...
> 
> Sometimes I need to know more than just the program name when deciding
> upon permissions.  Is there any way to access other information about
> the process and make that part of the criteria for a decision?  Like
> program arguments, program's current working directory, time of
> execution...things like that.  Is that possible somehow?

The decision is based on the process ID, not the program running. However,
modules can change process attributes on executing a program.

Since the process ID is part of every request, any model could look up extra
process data, like the command line. However, these bits might have been faked
by the program.
    
> I was also looking at the malware scanner.  I think it is a pretty
> nifty idea but I was thinking it would be even better if it could act
> like tripwire.  Like generate a SHA-1 hash of the executable and then
> check it against a database.  If the hash doesn't match the expected
> result then kill the program and notify the user.  I'm not sure how
> easy it would be to put SHA-1 in the kernel (well, pretty easy if you
> have the international kernel patch, I guess) or how easy it would be
> to have a decent database lookup in the kernel.

Jörgen meant to implement this scheme as an RSBAC module, but I have not looked
into any code yet.
  
Amon.
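
A user-space sketch of the hash check proposed in the quoted question, added here as an illustration; it is not RSBAC code and not the module mentioned in the reply. The function names, the verdict strings and the in-memory dictionary standing in for the database are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="sha1", chunk=65536):
    """Stream the file through the hash so large binaries are not read whole."""
    h = hashlib.new(algo)  # SHA-1 as in the mail; any hashlib name can be passed
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_database(paths, algo="sha1"):
    """Record the expected digest of each executable, keyed by resolved path."""
    return {os.path.realpath(p): file_digest(p, algo) for p in paths}

def check_exec(path, database, algo="sha1"):
    """Return 'allow', 'deny-mismatch' or 'deny-unknown' for an exec request."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    expected = database.get(real)
    if expected is None:
        return "deny-unknown"  # never enrolled: fail closed
    actual = file_digest(real, algo)
    return "allow" if hmac.compare_digest(actual, expected) else "deny-mismatch"

def demo():
    """Constructed sample: temporary files stand in for executables."""
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "tool")
        other = os.path.join(d, "unlisted")
        for p, body in ((prog, b"#!/bin/sh\necho ok\n"), (other, b"#!/bin/sh\n")):
            with open(p, "wb") as f:
                f.write(body)
        db = build_database([prog])
        results = [check_exec(prog, db), check_exec(other, db)]
        with open(prog, "ab") as f:  # simulate modification after enrolment
            f.write(b"echo extra\n")
        results.append(check_exec(prog, db))
        return results

if __name__ == "__main__":
    print(demo())
```

A check done in user space like this leaves a window between hashing and execution; doing it inside the kernel's exec decision, as the mail proposes, is what closes that window.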