programming interface for mandatory access controls
ari
edelkind-trustedbsd-discuss at episec.com
Sun Aug 24 16:37:07 GMT 2003
Not exactly, no. What i'm working on is something a bit more like
discretionary access control, where programs decide for themselves what
privileges they would like to drop, just as a root-owned process may
drop its root privileges using setuid(2). I would actually like to see
it as readily available as the setuid(2) and chroot(2) calls, despite
however unlikely that may be to happen anytime in the near future.
That said, it _is_ possible to implement this using a discretionary
interface to mandatory access control. The problem, however, is MAC's
significant overhead. I don't believe that this interface _should_ need
to rely on MAC capabilities being present in the kernel, as dropping
privileges on demand seems a natural extension of unix principles, as
opposed to simply an optional programming interface for security
extensions. Still, implementing it as a MAC module may be useful and
effective on many systems.
If you're still unclear as to what i'm doing (or why i'm doing it), and
you've viewed the sample code and mailing list archives (there was also
a similar thread on bugtraq recently), just let me know what specific
points you have questions or doubts about, and i'll elaborate.
ari
evms at bu.edu said this stuff:
> On Sunday 24 August 2003 09:43 am, ari wrote:
> > This is in reference to a project that i'm working on:
> >
> > http://www.episec.com/people/edelkind/patches/kernel/flowpriv/
> >
> > Please view that site for background information.
>
> I don't understand. Are you trying to reimplement TrustedBSD's MAC
> capabilities?
>
> Thanks,
> Evan
>
> - --
> Evan Sarmiento (evms at cs.bu.edu)
> WWW: http://evms.no-ip.org:8080
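The post compares its interface to the way a root-owned process already drops privileges with setuid(2) and chroot(2). As an added illustration (not code from the flowpriv project or from the author), this is that existing pattern written defensively: confine, give up groups before the uid, and verify afterwards that root cannot be regained. The function name and the refusal to "drop" to uid 0 are my own choices.

```c
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the process to `root` (NULL to skip chroot) and permanently give up
 * root in favour of `uid`/`gid`. Returns 0 on success, -1 on failure with
 * errno set. Refuses uid 0, since that would not be a drop at all. */
int drop_privileges(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0) { errno = EINVAL; return -1; }

    /* chroot(2) needs root, so it must come first; chdir("/") afterwards keeps
       the old working directory from pointing outside the new root. */
    if (root != NULL && (chroot(root) != 0 || chdir("/") != 0))
        return -1;

    /* Groups before the uid: once the uid is no longer 0 these calls fail. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify real and effective ids, then confirm root is not regainable
       (a saved uid of 0 would let setuid(0) succeed). */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) { errno = EPERM; return -1; }
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}
```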