linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: Re: File descriptor object capability LSM

Re: File descriptor object capability LSM module. Feasability?

From: Peter Dolding <oiaohm_at_nospam>
Date: Tue Nov 06 2007 - 02:21:32 GMT
To: rmeijer@xs4all.nl


http://www.ibm.com/developerworks/linux/library/l-posixcap.html This covers part of what you are talking about. Least authority exec.  Its one of the cures to the SUID bit problem.

Wonder if the exec bit would be better done with a normal posix capabilities flag saying that this is on offer. void fdoc_set_exec_pola(); replaced by a posix capabilities security flag on exec of program telling about the usage of this feature. So scanning applications its simple to find what ones are using this feature. This also allows optimization. No on avoid code.

Even possibly a second flag forbin or allow the transfer of permissions down the line ie forbin from using this feature. This might be a feature shared with posix file capablities.

Note each access right passed need to have a option of pass to no one else.

Yes I would say prototype in LSM. Feature like this with work could endup in main line too. The module you are very much laying out is the default kernel model of application controlled security.

Peter Dolding
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html