programming interface for mandatory access controls

mike halderman trustedbsd-discuss at mrh.org
Thu Aug 28 14:34:39 GMT 2003


Seems like if you wanted to implement this as a MAC module, it wouldn't
be too hard.  You could give each process a label that described the 
capabilities, and an interface to drop the capabilities the process
doesn't want.  Would that work?

-mike

ari <edelkind-trustedbsd-discuss at episec.com> writes:

> Not exactly, no.  What I'm working on is something a bit more like
> discretionary access control, where programs decide for themselves what
> privileges they would like to drop, just as a root-owned process may
> drop its root privileges using setuid(2).  I would actually like to see
> it as readily available as the setuid(2) and chroot(2) calls, however
> unlikely that may be to happen anytime in the near future.
>
> That said, it _is_ possible to implement this using a discretionary
> interface to mandatory access control.  The problem, however, is MAC's
> significant overhead.  I don't believe that this interface _should_ need
> to rely on MAC capabilities being present in the kernel, as dropping
> privileges on demand seems a natural extension of unix principles, as
> opposed to simply an optional programming interface for security
> extensions.  Still, implementing it as a MAC module may be useful and
> effective on many systems.
>
> If you're still unclear as to what I'm doing (or why I'm doing it), and
> you've viewed the sample code and mailing list archives (there was also
> a similar thread on bugtraq recently), just let me know what specific
> points you have questions or doubts about, and I'll elaborate.
>
> ari
>

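Added example, not code from this thread, from ari's project or from the TrustedBSD MAC framework: a small user-space model of the interface the two posts are circling, a per-process label holding a set of privileges, a one-way drop call in the spirit of setuid(2), and enforcement points that consult the label. The capability names (PRIV_NET_BIND_LOW, PRIV_FS_WRITE, PRIV_FORK), the priv_* functions and the check_* hooks are assumed names for illustration only; in a real system the label would live in the kernel credential and the hooks would be the kernel's own or a MAC module's.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability bits a process label can carry (assumed names). */
#define PRIV_NET_BIND_LOW (1u << 0)  /* bind TCP/UDP ports below 1024 */
#define PRIV_FS_WRITE     (1u << 1)  /* open files for writing */
#define PRIV_FORK         (1u << 2)  /* create child processes */
#define PRIV_ALL          (PRIV_NET_BIND_LOW | PRIV_FS_WRITE | PRIV_FORK)

/* The per-process label: the set of privileges the process still holds. */
struct proc_label {
    uint32_t privs;
};

/* A freshly started daemon begins with everything, as a root process would. */
void label_init(struct proc_label *l)
{
    l->privs = PRIV_ALL;
}

/*
 * The drop interface. As with setuid(2) giving up uid 0, this only ever
 * narrows the label. Asking to drop a privilege that is already gone is
 * reported as EINVAL so that a program which has lost track of its own
 * state notices, rather than silently "succeeding".
 */
int priv_drop(struct proc_label *l, uint32_t to_drop)
{
    if ((to_drop & ~l->privs) != 0) {
        errno = EINVAL;
        return -1;
    }
    l->privs &= ~to_drop;
    return 0;
}

/*
 * There is deliberately no way to widen a label: a process compromised
 * after dropping a privilege must not be able to get it back.
 */
int priv_raise(struct proc_label *l, uint32_t wanted)
{
    (void)l;
    (void)wanted;
    errno = EPERM;
    return -1;
}

/* Enforcement hook: where a kernel or MAC module would consult the label. */
int check_bind(const struct proc_label *l, int port)
{
    if (port < 1024 && !(l->privs & PRIV_NET_BIND_LOW)) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Children inherit the parent's label as it is at fork time, never more. */
int check_fork(const struct proc_label *parent, struct proc_label *child)
{
    if (!(parent->privs & PRIV_FORK)) {
        errno = EACCES;
        return -1;
    }
    *child = *parent;
    return 0;
}

/*
 * The intended usage pattern: do the one privileged thing (bind port 80),
 * then drop everything the rest of the program will never need.
 * Returns the label left for the request-handling phase.
 */
uint32_t daemon_startup(void)
{
    struct proc_label l;
    label_init(&l);
    if (check_bind(&l, 80) != 0)
        return l.privs;           /* unreachable with a full label */
    priv_drop(&l, PRIV_NET_BIND_LOW | PRIV_FORK);
    return l.privs;               /* only PRIV_FS_WRITE remains */
}

int main(void)
{
    struct proc_label l;
    label_init(&l);
    priv_drop(&l, PRIV_NET_BIND_LOW);
    printf("bind 80 after drop: %s\n",
           check_bind(&l, 80) == 0 ? "allowed" : "denied");
    printf("raise attempt: %s\n",
           priv_raise(&l, PRIV_NET_BIND_LOW) == 0 ? "allowed" : "denied");
    return 0;
}
```

The two properties worth carrying into any real implementation are that the label can only shrink, and that children start from the parent's reduced label rather than a fresh one; without both, an attacker who gains control after the drop simply asks for the privilege back or forks to get it.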