RE: Planning v1.2.0 - update


From: Amon Ott <ao@rsbac.org>
Subject: RE: Planning v1.2.0 - update
Date: Wed, 18 Jul 2001 18:03:05 +0200



On Wed, 18 Jul 2001 Kaladis wrote:
> I got another pretty nice idea:
> 
> Automatic rule creation learning mode.
> 
> This means that you tell RSBAC to watch program X and create a
> least-privilege set of rules according to the needs of the application and
> NOTHING more. For security this should only be available in maintenance mode
> I think.
> 
> I had the idea about this while working on getting xinetd with the help of
> RC pretty secure. This would save LOTS of time and guarantee that the
> services are working properly with only the rights they need.

This idea is actually well known here. The problem is the complexity of the
task, even if it only generates ACL rules. Also, the generated rules will be
far from ideal and still have to be checked for flaws.

My general idea was to set full program logging, give all rights and use the
logging output to generate the rules. These could be generated as a script,
like backup or linux2acl do, and thus without security problems (except the
program having full access during the test).

I will put it on the planning list as a maybe.

Amon.
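
An added sketch of the log-to-script approach described in the message above; it is not RSBAC code and not from the author. The log line format, the `GRANT` placeholder command and the sample lines are assumptions constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample lines in a simplified, assumed format (not RSBAC's real log syntax).
SAMPLE_LOG = """\
request=READ_OPEN prog=xinetd target=FILE path=/etc/xinetd.conf
request=SEARCH prog=xinetd target=DIR path=/etc
request=READ_OPEN prog=xinetd target=FILE path=/etc/xinetd.conf
request=EXECUTE prog=xinetd target=FILE path=/usr/sbin/in.ftpd
request=APPEND_OPEN prog=xinetd target=FILE path=/tmp/a;b
request=READ_OPEN prog=sshd target=FILE path=/etc/ssh/sshd_config
truncated or unrelated line
"""

LINE_RE = re.compile(r"request=(\w+) prog=(\S+) target=(\w+) path=(\S+)$")


def collect_rights(log_text, program):
    """Return {(target_type, path): {request, ...}} observed for one program."""
    rights = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip anything that does not parse; never guess a rule
        request, prog, target, path = m.groups()
        if prog == program:
            rights[(target, path)].add(request)
    return dict(rights)


def render_script(rights, subject):
    """Render a reviewable shell script; GRANT is a placeholder, not a real tool."""
    out = ["#!/bin/sh", "# Generated from logged requests. Review every line before use."]
    for (target, path), requests in sorted(rights.items()):
        # Paths come from the log, so quote them before they reach a shell.
        out.append("GRANT %s %s %s %s" % (
            shlex.quote(subject), ",".join(sorted(requests)), target, shlex.quote(path)))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_script(collect_rights(SAMPLE_LOG, "xinetd"), "xinetd"), end="")
```

The output only covers requests the program made while it was being logged, so code paths that were not exercised during the test run produce no rule.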
