On 13 Aug, Glen Turner wrote:
> The solution, attaching an authorisation to each data stream,
> is well known but not deployed in either Windows or Linux.
That's not quite true. Although the standard Linux environment does not
include such a mechanism, work is being done on this by such luminaries
as the NSA in the US (This is TE Linux, TE==type enforcement). TE Linux
uses Red Hat Linux as its base distribution.
One of the features of type enforcement is that resources/privileges are
attached to processes in a way that is completely independent of the
'user' privileges that would be inherited by a process in the normal
*nix environment. Using TE thus allows a process to be given only those
resources (including access privileges) that are required. It would thus
be possible in TE Linux to remove any 'execute shell script'
resource/privilege.
I would anticipate that this capability will be rolled into the current
2.5 kernel development tree (it currently requires kernel patches). The
basic approach is to create a mechanism by which security policies can
be implemented through a Linux kernel module. This would allow a much
richer security policy environment than is currently the case - and one
that can be tailored to meet specific needs.
You can find more information on this at
http://www.securecomputing.com/archive/press/2000/nsa_faq_secure_linux.html
(Secure Computing are doing this work with NSA and I did some work on
this whilst with Red Hat in the USA).
--
Robert Hart hartr@redhat.com
Red Hat Asia-Pacific, Unit 15, 23 James St, Brisbane, Qld 4006, Australia
Tel +61 (0)7 3872 4808 Fax +61 (0)7 3257 4800
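
Added example (not part of the original message and not TE Linux code): a toy model of the type-enforcement decision described above, set beside the ordinary Unix owner/mode check, showing a root-owned process in a confined domain being refused 'execute' on a shell. All domain and type labels are hypothetical, and combining the two checks with AND is an assumption of this sketch.

```python
# Toy model of a type-enforcement (TE) access decision, contrasted with the
# classic Unix owner/mode check. All domain and type labels are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # TE label attached to the process, independent of uid

@dataclass(frozen=True)
class File:
    owner: int
    mode: int     # Unix permission bits
    type: str     # TE label attached to the object

# Policy: (domain, object type) -> permitted operations. Anything absent is denied.
POLICY = {
    ("user_t", "shell_exec_t"): {"read", "execute"},
    ("webserver_t", "web_content_t"): {"read"},
    ("webserver_t", "web_log_t"): {"append"},
}

def dac_allows(proc, f, op):
    """Simplified Unix check (owner/other bits only); uid 0 bypasses it."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "append": 2, "execute": 1}[op]
    shift = 6 if proc.uid == f.owner else 0
    return bool((f.mode >> shift) & bit)

def te_allows(proc, f, op):
    """TE check: looks only at the labels, never at the uid."""
    return op in POLICY.get((proc.domain, f.type), set())

def access(proc, f, op):
    """Assumption of this sketch: both checks must pass, so TE only narrows DAC."""
    return dac_allows(proc, f, op) and te_allows(proc, f, op)

# Constructed sample objects and processes.
shell = File(owner=0, mode=0o755, type="shell_exec_t")
page = File(owner=0, mode=0o644, type="web_content_t")
root_web = Process(uid=0, domain="webserver_t")   # root, but confined
alice = Process(uid=1000, domain="user_t")

if __name__ == "__main__":
    for who, p in (("root_web", root_web), ("alice", alice)):
        for name, f, op in (("shell", shell, "execute"), ("page", page, "read")):
            print(f"{who:9} {op:8} {name:6} dac={dac_allows(p, f, op)} "
                  f"te={te_allows(p, f, op)} -> {access(p, f, op)}")
```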
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:04 EST