Re: Integrating securelevel and kauth(9)

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Cc: <tech-security@...>, <tech-kern@...>

Subject: Re: Integrating securelevel and kauth(9)

Date: Saturday, March 25, 2006 - 12:42 pm

hi,

quoted text>   These requests will be implemented as a new kauth(9) scope, called the
>   "system" scope.

the fact that "access raw memory" and "change firewall rule" are
controlled by securelevel is not a good reason to put them into
a single scope, IMO.
it's better to write listeners to check "securelevel" variable
for appropriate scopes, rather than having a single scope gathering
these random operations.
ie. i think securelevel should be turned into listener(s), not a scope.


btw, it seems that you are proposing two different things in this mail.
	- adapt securelevel to kauth world
	- make securelevel a bitmap

i'm not sure if the latter is a good idea.
why bother to complicate securelevel, while you can just have
another listener to implement finer-grained access control?

YAMAMOTO Takashi

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 1:56 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 12:42 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 2:29 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:04 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:10 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:40 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:50 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 4:54 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:08 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 6:45 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 1:57 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 7:34 am)

Re: Integrating securelevel and kauth(9), David Laight, (Tue Mar 28, 1:29 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 1:36 pm)

Re: Integrating securelevel and kauth(9), Daniel Carosone, (Tue Mar 28, 4:36 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 4:56 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 5:58 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Mon Mar 27, 6:57 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Mon Mar 27, 6:47 pm)

Re: Integrating securelevel and kauth(9), Matt Thomas, (Mon Mar 27, 9:37 pm)

Re: Integrating securelevel and kauth(9), Thomas E. Spanjaard, (Mon Mar 27, 9:18 pm)

Re: Integrating securelevel and kauth(9), Martin Husemann, (Mon Mar 27, 7:20 am)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:44 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 6:56 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Sat Mar 25, 2:05 pm)

Re: Integrating securelevel and kauth(9), David Laight, (Fri Mar 24, 3:01 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:51 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:29 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 2:17 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:24 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 4:59 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:28 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 6:53 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 7:22 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Sat Mar 25, 9:07 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 5:55 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 8:29 pm)


linux-kernel:
Karl Meyer	PROBLEM: 2.6.23-rc "NETDEV WATCHDOG: eth0: transmit timed out"
David Miller	Slow DOWN, please!!!
Mark Fasheh	[PATCH 0/39] Ocfs2 updates for 2.6.28
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
git:
Shawn O. Pearce	Re: pack operation is thrashing my server
Pierre Habouzit	git send-email improvements
Matthieu Moy	git push to a non-bare repository
Shawn O. Pearce	libgit2 - a true git library
netbsd-tech-kern:
Elad Efrat	Integrating securelevel and kauth(9)
Hubert Feyrer	Re: Compressed vnd handling tested successfully
Lord Isildur	Re: Fork bomb protection patch
Matt Thomas	Re: FFS journal
openbsd-misc:
Will Maier	cron doesn't run commands in /etc/crontab?
Richard Stallman	Real men don't attack straw men
Harald Dunkel	Re: Packet Filter: how to keep device names on hardware failure?
Jordi Espasa Clofent	Resolving dependencies with pkg_add


Question on swap as ramdisk partition	52 minutes ago	Linux kernel
Netfilter kernel module	11 hours ago	Linux kernel
serial driver xmit problem	14 hours ago	Linux kernel
Why Windows is better than Linux	14 hours ago	Linux general
How can I see my kernel messages in vt12?	21 hours ago	Linux kernel
Grub	1 day ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	2 days ago	Linux general

Re: Integrating securelevel and kauth(9)

Online users