Re: [PATCH 0/4] MultiAdmin LSM

This module implements two distinct ideas:

(1) Multiple superusers with distinct UIDs.

More than one root on a system I think is generally regarded as a bad 
idea.  I'm not sure why you'd use a scheme like this instead of, say, sudo 
or custom setuid helpers for specific tasks -- whatever the case, I think 
such issues can be addressed entirely in userspace.


(2) Partially decomposing the superuser and protecting some users from 
    some decomposed superusers, and decomposing CAP_SYS_ADMIN.

This is a special-case security policy hard-coded into the kernel.  It 
lacks a clear design rationale, and does not seem amenable to analysis, as 
its access control coverage is incomplete.

As already suggested, it may be worth looking at just decomposing 
CAP_SYS_ADMIN, although it's not clear how do to this correctly for the 
general case.


- James
-- 
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
  - From: Christoph Hellwig <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
  - From: Stephen Smalley <[email protected]>
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
  - From: Christoph Hellwig <[email protected]>
- Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: James Morris <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Arjan van de Ven <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Greg KH <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Jan Engelhardt <[email protected]>
- Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
  - From: Greg KH <[email protected]>
- [PATCH 0/4] MultiAdmin LSM
  - From: Jan Engelhardt <[email protected]>

Prev by Date: Re: OOM kills if swappiness set to 0, swap storms otherwise
Next by Date: Re: OOM kills if swappiness set to 0, swap storms otherwise
Previous by thread: Re: [PATCH 4a/4] MultiAdmin LSM (LKCS'ed)
Next by thread: Re: [PATCH 0/4] MultiAdmin LSM
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]