Re: Integrating securelevel and kauth(9)

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Cc: <tech-security@...>, <tech-kern@...>

Subject: Re: Integrating securelevel and kauth(9)

Date: Saturday, March 25, 2006 - 3:04 pm

> So:
quoted text> 
> > it's better to write listeners to check "securelevel" variable
> > for appropriate scopes, rather than having a single scope gathering
> > these random operations.
> > ie. i think securelevel should be turned into listener(s), not a scope.
> 
> IIUC, you mean to create several listeners that would each be in charge
> of making a decision for different "knobs", and defer requests
> otherwise?
> 
> If so, to what scope should these listeners be attached to?

i meant, eg. you can write an listener like the following and
register it to KAUTH_SCOPE_PROCESS scope, to replace securelevel checks
in sys_ptrace() and process_checkioperm().

	int
	securelevel_process_listener_callback(....)
	{
		switch () {
		case KAUTH_PROCESS_CANPTRACE:
		case KAUTH_PROCESS_CANIO:
			if (p == initproc && securelevel > -1) {
				return KAUTH_RESULT_DENY;
			}
		}
		return KAUTH_RESULT_DEFER;
	}

quoted text> > btw, it seems that you are proposing two different things in this mail.
> > 	- adapt securelevel to kauth world
> > 	- make securelevel a bitmap
> > 
> > i'm not sure if the latter is a good idea.
> > why bother to complicate securelevel, while you can just have
> > another listener to implement finer-grained access control?
> 
> It's not really "make securelevel a bitmap", but introduce a new
> variable that'll store the information kauth(9) will refer to when a
> request is made.
> 
> If now there's an "int securelevel" kernel code can check before
> granting access to, say, open the raw memory device; if we are splitting
> the knobs, we need a place to store the values for all these knobs.
> 
> Where else would information such as "modifications to the packet
> filter rules are disallowed" will be kept? (granted, that's got to
> do more with the security model used; let's assume "traditional Unix"
> for the context ;)
> 
> ...or am I not understanding you correctly?

see the above example.
"int securelevel" should be enough to implement securelevel as a listener.

for the case of "filter rule modification", you can write another listener for
the scope which covers the operation.
yes, you need to create an appropriate scope, i think.

YAMAMOTO Takashi

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 1:56 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 12:42 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 2:29 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:04 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:10 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 3:40 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 3:50 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sat Mar 25, 4:54 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:08 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 6:45 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 1:57 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 7:34 am)

Re: Integrating securelevel and kauth(9), David Laight, (Tue Mar 28, 1:29 pm)

Re: Integrating securelevel and kauth(9), Robert Watson, (Tue Mar 28, 1:36 pm)

Re: Integrating securelevel and kauth(9), Daniel Carosone, (Tue Mar 28, 4:36 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Sun Mar 26, 4:56 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sun Mar 26, 5:58 pm)

Re: Integrating securelevel and kauth(9), YAMAMOTO Takashi, (Mon Mar 27, 6:57 am)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Mon Mar 27, 6:47 pm)

Re: Integrating securelevel and kauth(9), Matt Thomas, (Mon Mar 27, 9:37 pm)

Re: Integrating securelevel and kauth(9), Thomas E. Spanjaard, (Mon Mar 27, 9:18 pm)

Re: Integrating securelevel and kauth(9), Martin Husemann, (Mon Mar 27, 7:20 am)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:44 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 6:56 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Sat Mar 25, 2:05 pm)

Re: Integrating securelevel and kauth(9), David Laight, (Fri Mar 24, 3:01 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:51 pm)

Re: Integrating securelevel and kauth(9), Bill Studenmund, (Fri Mar 24, 6:29 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 2:17 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 5:24 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 4:59 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 5:28 pm)

Re: Integrating securelevel and kauth(9), Matthew Mondor, (Sat Mar 25, 6:53 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Sat Mar 25, 7:22 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Sat Mar 25, 9:07 pm)

Re: Integrating securelevel and kauth(9), Garrett D'Amore, (Fri Mar 24, 5:55 pm)

Re: Integrating securelevel and kauth(9), Elad Efrat, (Fri Mar 24, 8:29 pm)


linux-kernel:
Karl Meyer	PROBLEM: 2.6.23-rc "NETDEV WATCHDOG: eth0: transmit timed out"
David Miller	Slow DOWN, please!!!
Mark Fasheh	[PATCH 0/39] Ocfs2 updates for 2.6.28
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
git:
Shawn O. Pearce	Re: pack operation is thrashing my server
Pierre Habouzit	git send-email improvements
Matthieu Moy	git push to a non-bare repository
Shawn O. Pearce	libgit2 - a true git library
netbsd-tech-kern:
Elad Efrat	Integrating securelevel and kauth(9)
Hubert Feyrer	Re: Compressed vnd handling tested successfully
Lord Isildur	Re: Fork bomb protection patch
Matt Thomas	Re: FFS journal
openbsd-misc:
Will Maier	cron doesn't run commands in /etc/crontab?
Richard Stallman	Real men don't attack straw men
Harald Dunkel	Re: Packet Filter: how to keep device names on hardware failure?
Jordi Espasa Clofent	Resolving dependencies with pkg_add


Question on swap as ramdisk partition	59 minutes ago	Linux kernel
Netfilter kernel module	11 hours ago	Linux kernel
serial driver xmit problem	14 hours ago	Linux kernel
Why Windows is better than Linux	14 hours ago	Linux general
How can I see my kernel messages in vt12?	21 hours ago	Linux kernel
Grub	1 day ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	1 day ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	2 days ago	Linux general

Re: Integrating securelevel and kauth(9)

Online users