From: "Kaladis" <kaladis@gmx.de>
Subject: RSBAC suggestions / Problems
Date: Tue, 10 Jul 2001 12:11:40 +0200
Next Article (by Date): rsbac-v1.1.2-pre7 uploaded Amon Ott
Previous Article (by Date): Re: patch-2.4.6-v1.1.1.gz uploaded to /pre, mount hangs fixed? Amon Ott
Next in Thread: Re: RSBAC suggestions / Problems Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
Dear community, Having toyed around with RSBAC I came to the conclusion that one of the most efficient modules is the ACL module. To improve ACL's further I have got 3 suggestions that are very useful: A) Pattern Matching B) IPC ACL inheritance from file C) ACL > POSIX In the following I descrive my points with giving aswell scenarios: A) Patter matching could also be best described as globbing. A scenario would be a multi-homed apache webserver with mod_userdir that reads out home/username/public_html. In my particular setup I do not want to administrate webpages with root but with wwwoff. To achieve this I would have to give wwwoff root equivalent rights for certain areas. People with access to /home/username/public_html should be wwwoff(rw) username(rw) and httpd(r) - however /home/username should not be readable by httpd and not rw by wwwoff. Instead of generating ACL's for every user it would be very interesting to have only one ACL with pathname of /home/*/public_html minus exceptions Having just read about a tripwire /tmp race condition I came to the conclusion that it would also be very nifty for a hotfix beeing able to deny access to /tmp/twXXXXX (ie. /tmp/tw??????). B) I would like to be able to control IPC better so that I can not only select a Process from the running Processes but also just a normal binary with extra ACL-entries which are then inherited to all resulting processes and childs. This could be pretty useful to isolate processes entirely and not only filesystem-wise. Isn't that a B1 requirement? C) It would be also very useful to be able to have ACL's judged higher than the normal Unix rights. In my particular setup I have home/username/public_html. As mentioned above I want to administrate it with wwwoff and don't want to give root the ability to access this. All files in /home/username should be of course chowned to username.username. At best only rw to username and r to username(group). That's why creating a rule for the httpd user so that he can only read files and creating a rule for wwwoff so that he can also readwrite files is what would make a very secure HTTPD environment possible. Last but not least I would like to mention some problems in hope that someone will be able to solve them. When shutting down my system with kernel 2.4 patched RSBAC pre5 the / mountpoint is always busy and unmounting fails. I think that it is mostlikely RSBAC not shutting down properly since a clean 2.4 works. Some RSBAC configurations also don't want to load up in VMWare. Anyone got a solution for that? Regards - Jörg Lübbert (aka Kaladis) Core Developer of Kaladix Hyper-Secure Linux (www.maganation.com/~kaladix) - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): rsbac-v1.1.2-pre7 uploaded Amon Ott
Previous Article (by Date): Re: patch-2.4.6-v1.1.1.gz uploaded to /pre, mount hangs fixed? Amon Ott
Next in Thread: Re: RSBAC suggestions / Problems Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]