From: Joshua Brindle <method@manicmethod.com>
To: shahbaz khan <shazalive@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: PMS and SELinux
Date: Tue, 31 Jul 2007 16:49:58 -0400 [thread overview]
Message-ID: <46AFA076.7090904@manicmethod.com> (raw)
In-Reply-To: <7b740b700707301225q4aa45498yb61f12af17be0d95@mail.gmail.com>
shahbaz khan wrote:
> I would like to ask a few questions from the experts regarding some
> implementations. I am working on a survey on selinux rsbac and
> grsecurity. Got some from mailing lists but need more. References will
> be appreciated.. They are the following:
>
>
> 1. What is a security aware application. What functionality it can
> provide? Has this functionality been provide in the other
> competitors.
>
a security aware application, in SELinux, is an application that
utilizes the userspace interface to the security server. That is, it
requests security decisions that are fulfilled by the kernelspace or
userspace security server based on the policy loaded into the security
server.
> 1. Where are sids implemented. I have heard that they are history
> now. How are they opaque to object managers?
>
sids are only used in the kernel now, as a way to avoid dealing with
memory lifespans on structs containing a security field (and also to
save memory by only having one copy of each context, in the sidtab)
> 1. What difference has PMS brought to selinux. Do we have such in
> other implementations?
>
it is still in a prototype phase so in terms of practical benefits it is
pretty minimal, for now. It does allow one to control updates to the
policy though, and hopefully will be ready for widespead deployment at
some point in the near future. Other implementations (eg., rsbac,
grsecurity) do not have fine grained access control on policy updates,
implementations such as trusted extensions on solaris have a static BLP
policy and therefore have no policy updates.
> 1. How is PMS implemented? Any technical documents? Is it a secure
> application using the extended api?
>
There are a few fairly high level documents on selinux-symposium.org,
and some others on oss.tresys.com/projects/policy-server. Since the
object model changed fairly in the last implementation of the policy
server the technical documents on the object model are currently out of
date, we should be updating them at some point though.
> 1. How and where is AVC implemented?
>
the AVC is used by object managers (both kernel and userspace) to make
access decision lookups faster, there is an implementation in the kernel
(security/selinux/avc.c) and in libselinux (libselinux/src/avc.c)
> 1. Is there any good logging facility apart from regular denial? I
> have heard rsbac and grsecurity has better logging facilities.
>
SELinux utilizes the in-kernel auditing framework, we don't want to
confuse auditing and security policy enforcement (though we do have
auditallow functionality), more fine grained auditing on specific
syscalls, etc can be accomplished with the audit framework (see man
auditctl)
> 1. SELinux uses syscall interception. Is it through LSM? How does
> rsbac and grsecurity manage this?
>
There is no syscall interception, LSM is more abstract than the syscall
layer. rsbac and grsecurity both implement their own hook systems that
are similar (both different enough that they aren't satisfied with LSM).
> 1. Of the topic but how does grsecurity implement acls and rbac. Is
> rbac used through the acls or a seperate module?
>
probably the best place to ask detailed questions about grsecurity's acl
implementation is on their list.
> 1. How can we best judge the network controls of rsbac and
> grsecurity w.r.t. implementation, usability and functionality?
>
grsec and rsbac both use network controls similar to the old selinux
controls, where we limited access to specific ports, network interfaces,
etc. SELinux now uses a netfilter based system where we apply labels to
packets based on any netfilter criteria (port, interface, remote node,
connection tracking, anything iptables can filter on) and we allow
access based on the label of a particular packet. We also have 2
implementations of labeled networking, which isn't available in rsbac or
grsec.
> I will be glad to put the names of responders in my survey document's
> acknowledgements.
>
No need.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-07-31 20:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-30 19:25 PMS and SELinux shahbaz khan
2007-07-31 20:49 ` Joshua Brindle [this message]
2007-07-31 21:40 ` shahbaz khan
-- strict thread matches above, loose matches on Subject: below --
2007-07-30 19:48 PMS and selinux shahbaz khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46AFA076.7090904@manicmethod.com \
--to=method@manicmethod.com \
--cc=selinux@tycho.nsa.gov \
--cc=shazalive@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.