From: "Ugen Antsilevitch"
To: Robert Watson
Cc: hackers@FreeBSD.org
Message-ID: <8b8f468b98ad.8b98ad8b8f46@undp.org>
Date: Thu, 14 Mar 2002 20:52:00 -0500
Subject: Re: execution access control

> you name an object, but what object you act on. The namespace
> approach has merit too, and is the basis for the DTE work done at
> TIS a number of years ago. You might be interested in taking a look at some of
> the DTE papers published at USENIX...

I have seen this work - this is almost exactly what I am hacking around here with a couple of notable exceptions:

- Making everything non-system-specific (hence using names - the access control engine doesn't need to know what's outside).
- Allowing moves between "nodes" (things they call "domains"; my control structure is pretty much a tree, described in XML :)))) based not only on execution but on external rules.
- Above should link into firewall rules - that will make some neat things possible (like having identical ssh shells restricted to different sets of command execution and file access based on where you come from :)))))

On a partially related note, this whole thing is configured through a parsing pseudo-device. It takes some (rigorously defined and enforced) format definitions and structure pointers, then fills the structures and hands them back to anything in the kernel. This can be useful as a generic interface for anything that doesn't have one (instead of abusing ioctls, raw sockets and the like).

--Ugen
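As an added illustration of the design sketched in this post (not code from Ugen's engine or from the DTE work), here is a toy evaluator for a DTE-style tree of domains described in XML: each domain names the executables it may run, executing a child's "enter" program moves a process down into that child, and an ordered set of source-network rules picks the entry domain, so two otherwise identical ssh shells get different command sets depending on where the connection came from. The element names, attributes, paths and addresses are constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample policy: a domain tree with exec whitelists, "enter" programs that
# move a process into a child domain, and ordered "entry" rules keyed on peer address.
POLICY_XML = """<policy>
  <domain name="shell" exec="/bin/sh /bin/ls /usr/bin/ssh">
    <domain name="admin" enter="/usr/bin/su" exec="/sbin/ifconfig /usr/sbin/pkg"/>
    <domain name="readonly" exec="/bin/cat /bin/ls"/>
  </domain>
  <entry from="10.0.0.0/8" domain="shell"/>
  <entry from="0.0.0.0/0" domain="readonly"/>
</policy>"""

def load_policy(xml_text):
    """Return (domains, entries); domains maps name -> {allowed, transitions}."""
    root = ET.fromstring(xml_text)
    domains = {}
    for node in root.iter("domain"):
        domains[node.get("name")] = {
            "allowed": frozenset(node.get("exec", "").split()),
            # executable path -> child domain that executing it leads into
            "transitions": {c.get("enter"): c.get("name")
                            for c in node.findall("domain") if c.get("enter")},
        }
    entries = [(ipaddress.ip_network(e.get("from")), e.get("domain"))
               for e in root.findall("entry")]
    return domains, entries

def initial_domain(entries, src_ip):
    """First matching entry rule wins, evaluated in order like a firewall ruleset."""
    addr = ipaddress.ip_address(src_ip)
    return next((name for net, name in entries if addr in net), None)

def exec_check(domains, current, path):
    """Decide exec() of `path` from domain `current`: (allowed, resulting_domain)."""
    dom = domains[current]
    if path in dom["transitions"]:
        return True, dom["transitions"][path]   # explicit move into a sub-domain
    if path in dom["allowed"]:
        return True, current                     # stays within the same domain
    return False, current                        # default deny; nothing inherited from parent

if __name__ == "__main__":
    doms, rules = load_policy(POLICY_XML)
    for ip in ("10.1.2.3", "203.0.113.9"):
        start = initial_domain(rules, ip)
        print(ip, "->", start, exec_check(doms, start, "/usr/bin/su"))
```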