Re: gnome-keyring Question about ACL per storage item
- From: Stef Walter <stefw collabora co uk>
- To: Elena Reshetova <elena reshetova gmail com>
- Cc: Casey Schaufler <casey schaufler-ca com>, gnome-keyring-list gnome org
- Subject: Re: gnome-keyring Question about ACL per storage item
- Date: Tue, 25 Oct 2011 15:50:11 +0200
On 2011-10-24 12:29, Elena Reshetova wrote:
> Nobody is looking forward to such debates, they tend to be long :)
> I think it is more like each LSM is welcome to add their support to
> Gnome Keyring in order to make it more secure and extend the feature set.
> Smack can be just the first one to do it.
That's what I like to hear :)
> Moreover, do we actually need to have a tight connection with a
> particular LSM?
> Can it be done generic enough by having an application identifier field
> (even simply as a string) and then let each LSM enforce its own security
> context separation based on this field?
> SELinux will enforce it in one way, Smack in another, etc. So, all that
> I am saying is that I think the keyring should not worry about how
> applications are identified/isolated, etc. It can just have the means
> to enforce ACLs on credential items and let the OS do the hard job of
> separating the apps.
A decent way to approach the problem.

One bit that I think is important is to have the default case be
accessible. That is, if no security on a secret or key is set, the
key would be accessible to the user security context.

As you may notice (for better or worse) much of the internals of
gnome-keyring is implemented by way of PKCS#11 modules. I've worked out
a way to have the client applications identified when calling into a
PKCS#11 module that is hosted in the daemon, via an extension to
PKCS#11. Currently this is only partially implemented, but we can flesh
it out and document it.

Cheers,
Stef