Re: security, permission models




> No he doesn't. He hates the Virus, but his aim is that he just doesn't
> have to care about security, i.e. security should be guaranteed
> automagically without having to deal with it.

This particular discussion concerns confidentiality and information disclosure. I'm not sure how you suggest we address this problem without specific input from the user indicating what his or her confidentiality requirements are.

Please, let's stay focused on the specific, with emphasis on current capabilities, and how we can use them. Diverging into general discussion about how security should be automatic won't accomplish anything. In fact, a much better place for such a discussion is nsa-list.
> As of writing SElinux is an interesting security approach, because it
> tries to combine some of the MLA aspects with the traditional UNIX
> permission model,

SELinux includes TE (Type Enforcement), RBAC (Role Based Access Control), and MLS (Multi Level Security). It's a combination of many types of enforcement, all working together, in complement to Unix permissions.

> but it doesn't offer anything for the mass market,
> because it's limited to /etc foo, i.e. tied to the OS/host instead of
> also having some of the connectivity needs of people in scope.

Distributed policy will be addressed by Tresys Technology's policy server development. Better integration with things like LDAP is also planned. Remember, SELinux is an emerging technology, so many of the missing features will appear in due time.
> Something fundamentally new would be:
>
> I'd like to be able to tag a file as "All", and have it available
> through a sharing service to all people knowing my ID, and all people
> logged in on my system in a "Shared Resources" listing.

This is a good time to point out that SELinux restricts additional access on top of Unix permissions. Its goal is not to override or replace the current permissions model. In fact, SELinux rules are applied only after standard Unix DAC, and I believe MCS rules are applied last (TE and RBAC taking precedence)... though I could be wrong.

In order to accomplish what you ask, you'd have to violate Unix DAC, since your file is most likely in your home folder, which is most likely private to other users. I could think of ways to accomplish this - maybe have a privileged daemon be notified whenever you do that kind of thing, and it can provide the file to clients with appropriate authorization. Samba would play that role in the example below (Samba integration with nautilus so I can right click and share folders would be very nice). Anyway, that's not in the scope of the SELinux project.

> Another tag
> "Family" would allow my family to authenticate themselves with their ID
> on the sharing service, on my local host or through samba and have the
> Documents right on their machine.
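As an added illustration (not part of this thread and not SELinux's own code), here is a small Python model of the decision ordering the reply describes: Unix DAC is consulted first for every path component, and the type enforcement layer can only deny further, never grant what DAC refused. The TE ruleset, the file tree and the subjects are constructed for the example; the type names borrow SELinux conventions, but the rules are hypothetical and not the reference policy. The model also ignores POSIX ACLs and capabilities such as CAP_DAC_OVERRIDE.

```python
"""Toy model: DAC first, then a tiny Type Enforcement layer that only restricts.

Everything here (ruleset, inodes, subjects) is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    path: str
    owner: str
    group: str
    mode: int      # permission bits only, e.g. 0o700
    setype: str    # type component of the SELinux label


@dataclass(frozen=True)
class Subject:
    uid: str
    groups: frozenset
    domain: str    # SELinux domain, e.g. "smbd_t"


# Hypothetical TE allow rules (not the reference policy):
# domain -> permission -> object types that permission is allowed on.
TE_ALLOW = {
    "smbd_t": {
        "search": {"home_root_t", "user_home_dir_t", "samba_share_t"},
        "read": {"samba_share_t"},
    },
    "user_t": {
        "search": {"home_root_t", "user_home_dir_t", "user_home_t", "samba_share_t"},
        "read": {"user_home_t", "samba_share_t"},
    },
}

DAC_BITS = {"r": 4, "w": 2, "x": 1}


def dac_permits(subj, inode, perm):
    """Classic mode-bit check: owner class, else group class, else other."""
    bit = DAC_BITS[perm]
    if subj.uid == inode.owner:
        shift = 6
    elif inode.group in subj.groups:
        shift = 3
    else:
        shift = 0
    return bool((inode.mode >> shift) & bit)


def te_permits(subj, inode, perm):
    """TE check: is the object's type in the domain's allow set for perm?"""
    return inode.setype in TE_ALLOW.get(subj.domain, {}).get(perm, set())


def can_read(subj, path):
    """path: Inodes from the root-most directory down to the file.

    Directories need search (DAC x bit), the file needs read (DAC r bit).
    DAC is asked first at every component; TE is only consulted if DAC
    said yes, so a label can never open a file DAC keeps closed.
    """
    for i, inode in enumerate(path):
        is_file = i == len(path) - 1
        if not dac_permits(subj, inode, "r" if is_file else "x"):
            return False, f"dac:{inode.path}"
        if not te_permits(subj, inode, "read" if is_file else "search"):
            return False, f"selinux:{inode.path}"
    return True, "ok"


# Constructed sample tree: alice's home is private (0700); the document she
# wants to share is world-readable and labelled for Samba ("tagged All").
HOME_ROOT = Inode("/home", "root", "root", 0o755, "home_root_t")
ALICE_HOME_PRIVATE = Inode("/home/alice", "alice", "alice", 0o700, "user_home_dir_t")
ALICE_HOME_OPEN = Inode("/home/alice", "alice", "alice", 0o711, "user_home_dir_t")
DOCS = Inode("/home/alice/Documents", "alice", "alice", 0o755, "samba_share_t")
PLAN_SHARED = Inode("/home/alice/Documents/plan.odt", "alice", "alice", 0o644, "samba_share_t")
PLAN_HOME_T = Inode("/home/alice/Documents/plan.odt", "alice", "alice", 0o644, "user_home_t")

# smbd serving bob's "Family" session: bob's uid, smbd_t domain (constructed).
BOB_VIA_SMBD = Subject("bob", frozenset({"bob", "family"}), "smbd_t")


def scenarios():
    return {
        "tag alone, home still 0700": can_read(
            BOB_VIA_SMBD, [HOME_ROOT, ALICE_HOME_PRIVATE, DOCS, PLAN_SHARED]),
        "dac opened, samba_share_t": can_read(
            BOB_VIA_SMBD, [HOME_ROOT, ALICE_HOME_OPEN, DOCS, PLAN_SHARED]),
        "dac opened, user_home_t": can_read(
            BOB_VIA_SMBD, [HOME_ROOT, ALICE_HOME_OPEN, DOCS, PLAN_HOME_T]),
    }


if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:28} -> {'ALLOW' if ok else 'DENY'} ({why})")
```

The first scenario is the point of the reply: relabelling the file does nothing while the 0700 home directory fails the DAC search check, because SELinux is never even asked. Once DAC lets bob traverse the directory (here by opening it to 0711; on a real system a POSIX ACL granting bob search would do the same), the decision moves to the TE layer, where the file's type decides, which is what the third scenario shows.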
