[redhat-lspp] Syscalls questions

Klaus Weidner klaus at atsec.com
Thu Jun 29 14:16:03 UTC 2006


On Thu, Jun 29, 2006 at 10:16:36AM +0100, David Howells wrote:
> Klaus Weidner <klaus at atsec.com> wrote:
> > The testing would be for compliance with LSPP, in this case that the
> > syscalls properly implement mandatory access control and generate correct
> > audit records.
> 
> And you think this testing _wouldn't_ be appropriate for the key management
> interface?

The kernel key management isn't widely used at the moment. Defining the
evaluated configuration for Common Criteria testing generally involves
some tradeoffs to keep the scope manageable, for example supporting only
a single filesystem type. The key rings would require a large amount of
documentation and testing which doesn't seem justified for the evaluation
considering that it's a feature that the people currently using MLS
systems don't expect to be present. This doesn't mean that the features
not looked at are in any way bad or insecure, but you have to draw the
line somewhere given how many things the Linux kernel can support.

> > Is there any clean way to disable them at runtime for non-admins, maybe a
> > SELinux constraint? It would save a lot of work for the evaluation...
> 
> Well, you can compile them out of your kernel.

The evaluation needs to use the shipped RHEL kernel so that the results
are applicable to people who use that, so recompiling is unfortunately
not an option. That's why I was asking for a runtime method. They
wouldn't need to be completely gone, just inaccessible to the
non-administrative users.

-Klaus
