Making OPIE/QTOPIA aware of SELinux

All of lore.kernel.org
 help / color / mirror / Atom feed

* Making OPIE/QTOPIA aware of SELinux
@ 2003-02-20 16:42 CNGUYEN
  2003-02-20 19:36 ` Russell Coker
  0 siblings, 1 reply; 7+ messages in thread
From: CNGUYEN @ 2003-02-20 16:42 UTC (permalink / raw)
  To: 'Stephen D. Smalley', 'selinux@tycho.nsa.gov'

Any thoughts on how to make the GUI environment (OPIE or QTOPIA) aware of
SELinux so that "bypassing" SELinux is prevented?

Chieu Nguyen
Mykotronx

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Making OPIE/QTOPIA aware of SELinux
  2003-02-20 16:42 CNGUYEN
@ 2003-02-20 19:36 ` Russell Coker
  0 siblings, 0 replies; 7+ messages in thread
From: Russell Coker @ 2003-02-20 19:36 UTC (permalink / raw)
  To: CNGUYEN, 'Stephen D. Smalley',
	'selinux@tycho.nsa.gov'

On Thu, 20 Feb 2003 17:42, CNGUYEN wrote:
> Any thoughts on how to make the GUI environment (OPIE or QTOPIA) aware of
> SELinux so that "bypassing" SELinux is prevented?

What exactly do you mean by "bypassing SE Linux" and in what ways do you think 
it should be made aware of SE Linux?

I'm working on Familiar right now but my work is just starting...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: Making OPIE/QTOPIA aware of SELinux
@ 2003-02-20 19:42 CNGUYEN
  2003-02-21  9:33 ` Tom
  2003-02-21 14:57 ` Lamont R. Peterson
  0 siblings, 2 replies; 7+ messages in thread
From: CNGUYEN @ 2003-02-20 19:42 UTC (permalink / raw)
  To: 'Russell Coker', 'Stephen D. Smalley',
	'selinux@tycho.nsa.gov'

Applications <----
----              |
OPIE/QTOPIA  <---------|
---                    |
SELinux                |
---                    | 
Device Drivers <-------|

-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Thursday, February 20, 2003 11:36 AM
To: CNGUYEN; 'Stephen D. Smalley'; 'selinux@tycho.nsa.gov'
Subject: Re: Making OPIE/QTOPIA aware of SELinux


On Thu, 20 Feb 2003 17:42, CNGUYEN wrote:
> Any thoughts on how to make the GUI environment (OPIE or QTOPIA) aware of
> SELinux so that "bypassing" SELinux is prevented?

What exactly do you mean by "bypassing SE Linux" and in what ways do you
think 
it should be made aware of SE Linux?

I'm working on Familiar right now but my work is just starting...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Making OPIE/QTOPIA aware of SELinux
  2003-02-20 19:42 Making OPIE/QTOPIA aware of SELinux CNGUYEN
@ 2003-02-21  9:33 ` Tom
  2003-02-21 14:57 ` Lamont R. Peterson
  1 sibling, 0 replies; 7+ messages in thread
From: Tom @ 2003-02-21  9:33 UTC (permalink / raw)
  To: CNGUYEN; +Cc: 'selinux@tycho.nsa.gov'

On Thu, Feb 20, 2003 at 11:42:56AM -0800, CNGUYEN wrote:
> Applications <----
> ----              |
> OPIE/QTOPIA  <---------|
> ---                    |
> SELinux                |
> ---                    | 
> Device Drivers <-------|

There's no danger of this as SELinux works at the kernel level.

However, I can imagine that the qtopia software is so much "integrated"
that it won't work with any reasonably secure policy.

-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Making OPIE/QTOPIA aware of SELinux
  2003-02-20 19:42 Making OPIE/QTOPIA aware of SELinux CNGUYEN
  2003-02-21  9:33 ` Tom
@ 2003-02-21 14:57 ` Lamont R. Peterson
  2003-02-21 15:13   ` Russell Coker
  1 sibling, 1 reply; 7+ messages in thread
From: Lamont R. Peterson @ 2003-02-21 14:57 UTC (permalink / raw)
  To: CNGUYEN, 'Russell Coker', 'Stephen D. Smalley',
	'selinux@tycho.nsa.gov'

On Thursday 20 February 2003 12:42 pm, CNGUYEN wrote:
> Applications <----
> ----              |
> OPIE/QTOPIA  <---------|
> ---                    |
> SELinux                |
> ---                    |
> Device Drivers <-------|

If I understand the architecture of the kernel (and particularly, how SELinux 
affects the kernel) then I would have to say that your diagram is incorrect.  
SELinux does not sit on top of the kernel; it "IS" the kernel.

Qtopia (I don't know OPIE) does not bypass the kernel in order to talk to 
devices directly.  There is nothing (other than compiling SELinux into your 
"embedded" kernel) that needs be done for Qtopia to run securely.

However, if I were to do this, I would write some Qtopia apps to wrap around 
SELinux specific tools such as spasswd, and would explore the "login" 
facility that Qtopia Desktop uses to communicate with Qtopia devices.
-- 
Sincerely,
Lamont R. Peterson <lrp@xmission.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: Making OPIE/QTOPIA aware of SELinux
@ 2003-02-21 15:05 CNGUYEN
  0 siblings, 0 replies; 7+ messages in thread
From: CNGUYEN @ 2003-02-21 15:05 UTC (permalink / raw)
  To: 'lrp@xmission.com', 'Russell Coker',
	'Stephen D. Smalley', 'selinux@tycho.nsa.gov',
	'tom@lemuria.org'
  Cc: Chieu Nguyen (E-mail), David Gathright (E-mail)

Thank you for your advices, we will take these into consideration as we
investigate further into the QTOPIA/OPIE SDKs.

-----Original Message-----
From: Lamont R. Peterson [mailto:lrp@xmission.com]
Sent: Friday, February 21, 2003 6:58 AM
To: CNGUYEN; 'Russell Coker'; 'Stephen D. Smalley';
'selinux@tycho.nsa.gov'
Subject: Re: Making OPIE/QTOPIA aware of SELinux


On Thursday 20 February 2003 12:42 pm, CNGUYEN wrote:
> Applications <----
> ----              |
> OPIE/QTOPIA  <---------|
> ---                    |
> SELinux                |
> ---                    |
> Device Drivers <-------|

If I understand the architecture of the kernel (and particularly, how
SELinux 
affects the kernel) then I would have to say that your diagram is incorrect.

SELinux does not sit on top of the kernel; it "IS" the kernel.

Qtopia (I don't know OPIE) does not bypass the kernel in order to talk to 
devices directly.  There is nothing (other than compiling SELinux into your 
"embedded" kernel) that needs be done for Qtopia to run securely.

However, if I were to do this, I would write some Qtopia apps to wrap around

SELinux specific tools such as spasswd, and would explore the "login" 
facility that Qtopia Desktop uses to communicate with Qtopia devices.
-- 
Sincerely,
Lamont R. Peterson <lrp@xmission.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Making OPIE/QTOPIA aware of SELinux
  2003-02-21 14:57 ` Lamont R. Peterson
@ 2003-02-21 15:13   ` Russell Coker
  0 siblings, 0 replies; 7+ messages in thread
From: Russell Coker @ 2003-02-21 15:13 UTC (permalink / raw)
  To: lrp, CNGUYEN, 'selinux@tycho.nsa.gov'

On Fri, 21 Feb 2003 15:57, Lamont R. Peterson wrote:
> If I understand the architecture of the kernel (and particularly, how
> SELinux affects the kernel) then I would have to say that your diagram is
> incorrect. SELinux does not sit on top of the kernel; it "IS" the kernel.

Yes, that is a good way to think of it.

SE Linux is part of the kernel, and apart from kernel bugs and programs with 
write access to /dev/kmem (IE an X server) there's no way to bypass SE Linux.

> Qtopia (I don't know OPIE) does not bypass the kernel in order to talk to
> devices directly.  There is nothing (other than compiling SELinux into your
> "embedded" kernel) that needs be done for Qtopia to run securely.
>
> However, if I were to do this, I would write some Qtopia apps to wrap
> around SELinux specific tools such as spasswd, and would explore the
> "login" facility that Qtopia Desktop uses to communicate with Qtopia
> devices.

One problem with embedded devices is that when you link multiple programs into 
one executable (like busybox does) then it's more difficult to arrange 
process domain transitions.

On a desktop or server system running SE Linux it's easy to have the 
administrator shell in the sysadm_t domain transition to the insmod_t domain 
to run "insmod" or "rmmod" as they are different programs.  When you have 
"insmod" and /bin/sh in the same binary with the same type it becomes more 
complex.

I am considering writing a privileged wrapper program which would run in 
sysadm_wrapper_t if run from sysadm_t or user_wrapper_t if run from user_t.  
Then it would look at a configuration file to map the name it was run as to a 
command and a security context.

EG If it was run as "insmod" then it might run "busybox insmod" as insmod_t.  
Of course the SE Linux policy would not permit a transition from 
user_wrapper_t to insmod_t...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2003-02-21 15:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-02-20 19:42 Making OPIE/QTOPIA aware of SELinux CNGUYEN
2003-02-21  9:33 ` Tom
2003-02-21 14:57 ` Lamont R. Peterson
2003-02-21 15:13   ` Russell Coker
  -- strict thread matches above, loose matches on Subject: below --
2003-02-21 15:05 CNGUYEN
2003-02-20 16:42 CNGUYEN
2003-02-20 19:36 ` Russell Coker

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.