From: Shaun Savage <savages@pcez.com>
To: SELinux@tycho.nsa.gov
Subject: Re: New security policy
Date: Mon, 10 Dec 2001 08:44:30 -0800
Message-ID: <3C14E66E.10405@pcez.com>
In-Reply-To: Pine.GSO.4.33.0112101028390.13300-100000@raven

Stephen Smalley wrote:
>On Sun, 9 Dec 2001, Shaun Savage wrote:
>
>>sysadm_r this is for root to admin the system but can't change security
>>of "system" types
>>secoff_r This is for the security officer to set up the security for the
>>system
>>dataoff_r this is the only person that can "see" users' personal
>>files/directories
>>
>
>You are likely to encounter difficulty in truly enforcing separation among
>these roles. Obviously, you can't let sysadm_r update the kernel or
>its modules if you want to separate secoff_r, but even this is not
>sufficient. For example, if you let sysadm_r update /bin/login or
>/etc/shadow, what prevents him from entering any role he wants? Or if you
>let sysadm_r update system libraries or programs executed by the other
>roles, what prevents him from inserting arbitrary code of his choosing to
>be executed by the other roles? I'm not sure about dataoff_r - what
>constitutes "personal" files/directories. Obviously, if dataoff_r can
>read a user's private keys, then he can obtain access to the user's
>account and thus may be able to enter the other roles.
>
The sysadm_r is seen as the everyday admin: checking logs, add/del
users, accounts using system tools.
But the secoff_r locks down the system. If the secoff_r unlocks the system,
then sysadm_r can administer the whole system. The reason I
like this is that an unknown root exploit can't compromise the whole system.
The dataoff_r is a trusted user that is allowed to move user data from
one domain to another, reclassify data. This is a violation of the
rules, but that is the role.
>
>>I have compiled some of the selinux utils for RH7.2, I hope to do the
>>rest this week.
>>
>
>As I've mentioned previously on the list
>(http://marc.theaimsgroup.com/?l=selinux&m=100687390219347&w=2), we've
>been working on updating the utility patches to RH7.2 and have updated
>several of them already, so it seems that there is some duplication of
>work here.
>
Where can I get the work that has been done already?
Shaun Savage
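
Added example, not part of the original thread: a small Python check of the objection quoted above, that a role able to write files another role executes or trusts can end up acting as that role. Only the role names come from the thread; the type labels and both policy tables are constructed for illustration and are not real SELinux policy.

```python
from collections import deque

# Constructed labels: login_exec_t ~ /bin/login, shadow_t ~ /etc/shadow,
# lib_t ~ system libraries, kernel_t ~ kernel and modules.
# DEPENDS: types each role executes or trusts as input (assumed).
DEPENDS = {
    "sysadm_r": {"kernel_t", "lib_t", "login_exec_t", "shadow_t"},
    "secoff_r": {"kernel_t", "lib_t", "login_exec_t", "shadow_t", "policy_t"},
    "dataoff_r": {"kernel_t", "lib_t", "login_exec_t", "shadow_t"},
}
# LOOSE: sysadm_r may update login, shadow and libraries (the case objected to).
LOOSE_WRITES = {
    "sysadm_r": {"log_t", "login_exec_t", "shadow_t", "lib_t"},
    "secoff_r": {"policy_t", "kernel_t"},
    "dataoff_r": {"user_home_t"},
}
# TIGHT: sysadm_r keeps only types no other role depends on.
TIGHT_WRITES = dict(LOOSE_WRITES, sysadm_r={"log_t"})

def influences(writes, depends):
    """Map role -> {other role: types it can write that the other depends on}."""
    edges = {}
    for src, written in writes.items():
        for dst, needed in depends.items():
            shared = written & needed
            if src != dst and shared:
                edges.setdefault(src, {})[dst] = shared
    return edges

def can_take_over(writes, depends, src):
    """Roles reachable from src through chains of write -> execute/trust."""
    edges = influences(writes, depends)
    seen, queue = set(), deque([src])
    while queue:
        role = queue.popleft()
        for nxt in edges.get(role, {}):
            if nxt != src and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

if __name__ == "__main__":
    for name, writes in (("loose", LOOSE_WRITES), ("tight", TIGHT_WRITES)):
        for role in sorted(writes):
            reach = sorted(can_take_over(writes, DEPENDS, role))
            print(f"{name}: {role} -> {reach or 'no other role'}")
```

The check covers integrity (write) paths only; the read path raised for dataoff_r and users' private keys would need a separate table of readable types.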