From: mjt@nysv.org
To: David Masover <ninja@slaphack.com>
Cc: Nate Diller <ndiller@namesys.com>,
Hans Reiser <reiser@namesys.com>,
reiserfs-list@namesys.com,
Reiserfs developers mail-list <Reiserfs-Dev@namesys.com>
Subject: Re: Mask moderation policy
Date: Sat, 9 Apr 2005 10:29:57 +0300 [thread overview]
Message-ID: <20050409072957.GG1399@nysv.org> (raw)
In-Reply-To: <4257154F.7010700@slaphack.com>
[-- Attachment #1: Type: text/plain, Size: 2055 bytes --]
On Fri, Apr 08, 2005 at 06:35:43PM -0500, David Masover wrote:
[i.agree.snip]
A bit of philosophizing and thinking out loud ensued:
>Or could this be done in existing security plugins? Am I correct in
>thinking that when a file is accessed, the file's security plugin (not
>the program's) is called?
Wouldn't it be easiest to skip the idea of a file in exe.mask
as a fallthrough and have everything as directories?
$ mkdir -p bash.mask/dev/input/mouse0
$ # The directory will be visible
$ cat >> bash.mask/dev/input/acl
> allow group all
> allow user all
>EOF
$ # Then we set an acl of sorts on the mouse device
$ cat >> bash.mask/dev/input/mouse0/acl <<EOF
>deny group all
>allow group mouse
>allow user ninja, mjt
>EOF
$ # You have to be in the mouse group and run bash to see /dev/input/mouse0
But how should it be handled when something runs under bash?
Should bash deny all and /usr/sbin/gpm.mask/dev/input/mouse0 allow
the mouse group to access?
I suppose exclusive masks could also be seen as somewhat redundant, as
everything is denied by default, so masks could be handled by careful
per-group and -user allows..
Another issue with this is the amount of text parsing the above example
has to do. How to handle corrupt lines? Missing users?
if (!S_ISDIR(dentry->d_inode->i_mode)) is a lot lighter than the acl
parsing..
If this were implemented by extending what we have now; a file means
absolute fallback, a directory absolute visibility and no exclusions,
I believe the following might work.
touch bash.mask/dev/input/mouse0/mouse would allow the mouse group
to see the file. As I have zero experience in kernel code, I have none
to even pseudo here, but just check if "mouse" is a valid group..
This could be extended further with a scheme as follos:
$ find bash.mask/dev/input/mouse/
bash.mask/dev/input/mouse/group/mouse
bash.mask/dev/input/mouse/user/ninja
bash.mask/dev/input/mouse/user/mjt
$
Just two cents or something..
And great work, Namesys guys!
--
mjt
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-04-09 7:29 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-07 7:51 Mask moderation policy Nate Diller
2005-04-07 19:25 ` Hans Reiser
2005-04-08 1:41 ` Nate Diller
2005-04-08 23:35 ` David Masover
2005-04-09 7:29 ` mjt [this message]
2005-04-10 17:18 ` David Masover
2005-04-10 20:21 ` mjt
2005-04-10 21:43 ` Nate Diller
2005-04-10 22:21 ` David Masover
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050409072957.GG1399@nysv.org \
--to=mjt@nysv.org \
--cc=Reiserfs-Dev@namesys.com \
--cc=ndiller@namesys.com \
--cc=ninja@slaphack.com \
--cc=reiser@namesys.com \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.