Date: Thu, 14 Mar 2002 20:52:00 -0500
From: "Ugen Antsilevitch" <ugen@undp.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: hackers@FreeBSD.org
Subject: Re: execution access control <was Kernel Module@developers>
Message-ID: <8b8f468b98ad.8b98ad8b8f46@undp.org>

> you name an object, but what object you act on. The namespace
> approach has merit too, and is the basis for the DTE work done at
> TIS a number of years ago. You might be interested in taking a
> look at some of the DTE papers published at USENIX...

I have seen this work - this is almost exactly what I am hacking around
here with a couple of notable exceptions:

- Making everything non-system-specific (hence using names - the access
  control engine doesn't need to know what's outside).
- Allowing moves between "nodes" (things they call "domains", my control
  structure is pretty much a tree, described in XML :)))) based not only
  on execution but on external rules.
- Above should link into firewall rules - that will make some neat things
  possible (like having identical ssh shells restricted to different sets
  of command execution and file access based on where you come from:)))))

On the partially related note, this whole thing is configured through
parsing pseudo-device. It takes some (rigorously defined and enforced)
format definitions and structure pointers, then fills the structures and
hands them back to anything in the kernel. This can be useful as a generic
interface for anything that doesn't have one (instead of abusing ioctls,
raw sockets and alike).

--Ugen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message