Re: Mask moderation policy

[David Masover <ninja@slaphack.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nate Diller wrote:
> Hans Reiser wrote:
> 
>> Nate, give them the code, and use the latest text we wrote for the
>> moderation policy guidelines.
>>
>>  
>>
> Ok guys, if you want the patch (and weren't clever/motivated enough to
> find it from the security_mask page source ;), go to
> www.namesys.com/mask/linux-2.6.12-rc1-mm1/maskb6.patch.   'Course no
> warranty, buggy as hell, yada yada...
> 
> The latest version of the moderation document that Hans mentioned is
> attatched.  I call it the God version, because it basically says we
> don't need any input from people like you anyway, we just appoint a
> benevolent dictator instead.  So give us feedback as to which policy is
> better, cause if you pick this version, it's the last input you get
> <laughs maniacally>

Just read http://www.namesys.com/blackbox_security.html

Sorry I'm so late on input, but I've had hell from school and no time to
read Namesys papers until now.

Can't find anything about user-specific masks.

This would be very useful -- the ability to apply a mask to an entire
user, or to apply different masks to the same executable based on which
user called that executable.

It would also be useful to have (the option of) exclusive masks as well
as inclusive masks.  For example, we might want to allow access to
everything in /home except for one specific user, or everything in /dev
except one specific person.

It'd also be nice to have an option of masks which apply to all
executables except one, or all users except one.  For instance, a
chroot'ed environment could be excluded from all programs except
/bin/chroot.

In fact, now that I think about it, the masks should probably be
plugan-ized a bit, such that every time a program tries to access a
file, the filename must be okayed by the mask plugin, then by the file's
own security plugins.  Directory listings may be filtered or denied
(not-found or permission denied) the same way -- program's mask plugin,
then file's security plugin.

Or could this be done in existing security plugins?  Am I correct in
thinking that when a file is accessed, the file's security plugin (not
the program's) is called?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQIVAwUBQlcVT3gHNmZLgCUhAQJLhw/+PFjlsLT+QM40EELmcIAgRuAmnjjLWw3S
q6shlPtpE+HZdpyGurzf0leUdPUZStWHlXteV3Hbz2n5NknzmCsQni9D180mJMMj
ommDX2YReeTV4DN9FsfJAxG70zVvINAVj3o3BN1ZcYtWqCYn1jsX88UQzOiX68lK
1elJ4leV6abNf4fRY6m02i9ONu3UvwMQsD2wAqVm3lgxA1H8wJjwgj3alhQ7lmSQ
ZOw6uHKVrppDvxtTbnUxrT//yj23qE886Ja7z7t/NeesNSabp6nTxnD5ME/w5a1U
XV3gLeApAptGJvJ355OGZGQflmYQwuMlnxl0QqJ7luVfhT0c8UIZdY+BbR5tNG2G
QL8guUB/4MhkPLzGzVGMVBtdqtGkA0q0uF/rpKu/Un+ywfnSgynrNfRaHGqsKgRO
o+TJQD40deLpwb9Yog1ymEf6xMwl3KaMIgYJScE0VMx2Jxg4aBdcJl5IJw9Ud1w3
gCArpaF7BSdV4t98K1PKqcRcr2Kh495hEPijeWNXXLtQPJTVlIMbfxXrb9kgZclI
0UAXUh+MMIcx+Oa/mP0P0iqjvGAO7bHYBpipUUcSFxlPm7nqfkikNPHXA6IpKoCU
X4G9n43t/0r5CskZhf7fF/gpdqvtwuAqthgB1UQ4GmGUXfWbXdYj3kJy8xFZakvj
L34d72FlgKg=
=LDZQ
-----END PGP SIGNATURE-----