Hi,
On Mon, Sep 24, 2007 at 04:31:22PM +0100, Brian Candler wrote:

quoted text
> On Sun, Sep 23, 2007 at 10:54:06PM +0100, Rui Miguel Silva Seabra wrote:

> > On Sat, Sep 22, 2007 at 06:47:46PM -0500, L. V. Lammert wrote:

> > > OBSD is UNIX, .. SELinux is Linux. If you want a secure, efficient,

> > > compact OS done by folks you can trust and actually talk to, use OBSD; if

> > > you want 'fairly secure Linux' [which has had thousands of hand in it

> > > including NSA, as mentioned previousy], use OpenSUSE with ***AppArmor***.

> > > Simple and easy to implement, even by less senior Admins.

> >

> > Can you say "root can only run this and that application when su'ed from

> > that guy, and may not open any net connection, but open this file and none

> > else" in OpenBSD? If so, how can I do it? :)

>

> You solve the problem a different way:

>

> - You don't give the guy root access, but their own userid

The guy can be some stupid binary software with an "if(uid!=root) bail();"
> - You set file permissions so this userid can read only the file of interest
"none else" => find / -type f -exec chmod o-r \{\} \; is a lot of overkill....
> - You use pf rules so that this user ID cannot send network packets

quoted text
>

> - If this guy needs root for something (e.g. to bind to port 80), then you

>   write a three-line setuid root wrapper which binds to port 80 for them.

>   If you have a lot of this to do, then consider an 'open server' which

>   returns the open file descriptor.

All in all, forms of doing it all, but doing all you described creates a lot

more work than creating an SELinux policy :)
Best,

Rui
--

Umlaut Zebra o?=ber alles!

Today is Boomtime, the 48th day of Bureaucracy in the YOLD 3173

+ No matter how much you do, you never do enough -- unknown

+ Whatever you do will be insignificant,

| but it is very important that you do it -- Gandhi

+ So let's do it...?