This module implements two distinct ideas:
(1) Multiple superusers with distinct UIDs.
More than one root on a system I think is generally regarded as a bad
idea. I'm not sure why you'd use a scheme like this instead of, say, sudo
or custom setuid helpers for specific tasks -- whatever the case, I think
such issues can be addressed entirely in userspace.
(2) Partially decomposing the superuser and protecting some users from
some decomposed superusers, and decomposing CAP_SYS_ADMIN.
This is a special-case security policy hard-coded into the kernel. It
lacks a clear design rationale, and does not seem amenable to analysis, as
its access control coverage is incomplete.
As already suggested, it may be worth looking at just decomposing
CAP_SYS_ADMIN, although it's not clear how do to this correctly for the
general case.
- James
--
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig <[email protected]>
- Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: James Morris <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Arjan van de Ven <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
- From: Greg KH <[email protected]>
- [PATCH 0/4] MultiAdmin LSM
- From: Jan Engelhardt <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Prev by Date: Re: OOM kills if swappiness set to 0, swap storms otherwise
- Next by Date: Re: OOM kills if swappiness set to 0, swap storms otherwise
- Previous by thread: Re: [PATCH 4a/4] MultiAdmin LSM (LKCS'ed)
- Next by thread: Re: [PATCH 0/4] MultiAdmin LSM
- Index(es):
 |