Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel

On Aug 19, 2007, at 17:12:41, Valdis.Kletnieks@vt.edu wrote:

quoted text

> On Sat, 18 Aug 2007 01:29:58 EDT, Kyle Moffett said: >> If you can show me a security system other than SELinux which is >> sufficiently flexible to secure those 2 million lines of code >> along with the other 50 million lines of code found in various >> pieces of software on my Debian box then I'll go put on my dunce >> hat and sit in the corner. > > /me hands Kyle a dunce cap. :) > > Unfortunately, I have to agree that both AppArmor and Smack have at > least the potential of qualifying as "securing the 2M lines of code". > > The part that Kyle forgot was what most evals these days call the > "protection profile" - What's the threat model, who are you > defending against, and just how good a job does it have to do? > I'll posit that for a computer that is (a) not networked, (b) > doesn't process sensitive information, and (c) has reasonable > physical security, a security policy of "return(permitted);" for > everything may be quite sufficient.

Well, in this case the "box" I want to secure will eventually be running multi-user X on a multi-level-with-IPsec network. For that kind of protection profile, there is presently no substitute for SELinux with some X11 patches. AppArmor certainly doesn't meet the confidentiality requirements (no data labelling), and SMACK has no way of doing the very tight per-syscall security requirements we have to meet. I didn't make this clear initially but that is the kind of system I'm talking about wanting to secure some 50 million lines of code on.

quoted text

> (Of course, I also have boxes where "the SELinux reference policy > with all the MCS extensions plus all the LSPP work" is someplace > I'm trying to get to).

Well, for some of the systems we distribute, "all the MCS extensions plus all the LSPP work" is nowhere near enough security; we need full- fledged multi-level-security, role-based-access-control, and specific per-daemon MAC restrictions. Cheers, Kyle Moffett -

unsubscribe notice

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set