Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Kyle Moffett wrote:

On Oct 04, 2007, at 21:44:02, Eric W. Biederman wrote:
What we want from the LSM is the ability to say -EPERM when we can clearly articulate that we want to disallow something. 
This sort of depends on perspective; typically with security 
infrastructure you actually want "... the ability to return success when 
we can clearly articulate that we want to *ALLOW* something".  File 
permissions work this way; we don't have a list of forbidden users 
attached to each file, we have an owner, a group, and a mode 
representing positive permissions.  With that said in certain high-risk 
environments you need something even stronger that cannot be changed by 
the "owner" of the file, if we don't entirely trust them,

Other than ACLs, of course, which do allow blacklisting individual users.

--
Bill Davidsen <davidsen@tmr.com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



















[Index of Archives]
 
 
[Kernel Newbies]
 
 
[Netfilter]
 
 
[Bugtraq]
 
 
[Photo]
 
 
[Stuff]
 
 
[Gimp]
 
 
[Yosemite News]
 
 
[MIPS Linux]
 
 
[ARM Linux]
 
 
[Linux Security]
 
 
[Linux RAID]
 
 
[Video 4 Linux]
 
 
[Linux for the blind]
 
 
[Linux Resources]







 
Powered by Linux