From: Linas Vepstas <linas@austin.ibm.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: "Fedora SELinux support list for users & developers."
<fedora-selinux-list@redhat.com>,
Colin Walters <walters@verbum.org>,
linux-hotplug-devel@lists.sourceforge.net,
SELinux <SELinux@tycho.nsa.gov>,
Bill Nottingham <notting@redhat.com>,
Nigel Kukard <nkukard@lbsd.net>,
harald@redhat.com
Subject: Lomac questions [was Re: [OT] SELinux vs. other systems]
Date: Thu, 02 Sep 2004 17:29:07 +0000 [thread overview]
Message-ID: <20040902172907.GB9645@austin.ibm.com> (raw)
In-Reply-To: <1094141429.17265.281.camel@moss-spartans.epoch.ncsc.mil>
Hi Stephen,
Excellent answer... its been too long since I've played with selinux.
I'll try again.
> > I once thought about re-implementing LoMAC as a ruleset atop of SELinux.
> > I'm pretty sure that this is possible, but I started thinking that the
> > complexity of the ruleset may introduce holes that voids the effort.
> > And that thought disturbed me.
>
> It isn't actually possible to implement LOMAC via SELinux, but that's
> another topic.
Hmm, why not?
> > Along with Lomac's 'bluntness' comes 'zero configurability': its
> > something that could be installed on the proverbial 'Grandma's Linux
> > desktop', and provide additional security without causing pain.
>
> Until Grandma wants to do useful work. Simple security models are nice
> to look at, but they don't capture the behavior of real systems, and it
> doesn't matter that the model is "secure"; you just break one of the
> trusted subjects authorized to override the security model in order to
> get the real work done. SELinux policy may look weaker to you, but it
> actually represents what is being allowed in the system; no exceptions.
I don't quite understand this. I'm currently running Lomac on one of
my servers, and I can get work done. It seems to be usable, even if
it makes some operations, like software install, harder.
I'm not sure what you mean by 'break a trusted subject'. If you mean
'ssh is trusted, so if ssh is broken, all hope is lost', then yes.
But surely selinux has trusted subjects that may not be trustworthy?
If you mean 'lomac provides explicit tools that allow a sysadmin
to manually move a file from lower to higher trust domains', then,
well, I'm also confused. Surely selinux also has a way to start
with something untrusted, and then raise its level ... e.g. to
install software downloaded from the net.
Is the 'broken-ness' the fact that grandma failed to run an anti-virus
scanner and verify checksums, yada yada, before elevating the
priveldge on the downloaded software?
--linas
-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id\x10808&op=click
_______________________________________________
Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel
next prev parent reply other threads:[~2004-09-02 17:29 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-30 17:37 [idea] udev + selinux Nigel Kukard
2004-08-30 20:31 ` Luke Kenneth Casson Leighton
2004-08-31 5:02 ` Nigel Kukard
2004-08-31 9:49 ` Luke Kenneth Casson Leighton
2004-08-31 10:27 ` Nigel Kukard
2004-08-31 12:46 ` Luke Kenneth Casson Leighton
2004-08-31 11:26 ` Luke Kenneth Casson Leighton
2004-08-31 16:07 ` Luke Kenneth Casson Leighton
2004-08-31 16:46 ` Nigel Kukard
2004-08-31 19:18 ` Luke Kenneth Casson Leighton
2004-08-31 19:26 ` Stephen Smalley
2004-08-31 20:02 ` Luke Kenneth Casson Leighton
2004-08-31 21:18 ` Jim McCullough
2004-08-31 23:26 ` Luke Kenneth Casson Leighton
2004-08-31 22:44 ` [OT] SELinux vs. other systems [was Re: [idea] udev + selinux] Linas Vepstas
2004-09-01 14:23 ` Richard Troth
2004-09-01 17:25 ` Linas Vepstas
2004-09-02 16:10 ` Stephen Smalley
2004-09-02 17:29 ` Linas Vepstas [this message]
2004-09-02 20:05 ` Lomac questions [was Re: [OT] SELinux vs. other systems] Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040902172907.GB9645@austin.ibm.com \
--to=linas@austin.ibm.com \
--cc=SELinux@tycho.nsa.gov \
--cc=fedora-selinux-list@redhat.com \
--cc=harald@redhat.com \
--cc=linux-hotplug-devel@lists.sourceforge.net \
--cc=nkukard@lbsd.net \
--cc=notting@redhat.com \
--cc=sds@epoch.ncsc.mil \
--cc=walters@verbum.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).