A few questions

Klaus Weidner klaus at atsec.com
Thu Sep 21 15:26:43 UTC 2006


On Thu, Sep 21, 2006 at 05:01:10PM +0200, Salvo Giuffrida wrote:
> >From: Stephen Smalley <sds at tycho.nsa.gov>
> >Mandatory access control implies a bit more than just admin-only policy
> >(otherwise AppArmor would qualify, as would many other things).  In
> >particular, we identify three properties for MAC:
> >- complete mediation (control over all processes and objects),
> Isn't there complete control also on standard Linux with DAC? What are 
> things not controlled? Virtual filesystems?

The "Discretionary" in DAC means that a user has the right to give anyone
read or write access to his files. MAC doesn't permit that: certain
accesses are forbidden by the admin-controlled policy no matter what the
user wants. This way, MAC offers protection against trojan horses and
other malicious code that's running with a user's privileges.

You may want to read the book "Building a Secure Computer System" by
Morrie Gasser, which is a bit old but has an excellent introduction to
this:

  http://nucia.ist.unomaha.edu/library/gasserbook.pdf

> >- complete and accurate basis for security decisions (decisions based on
> >all security relevant information, and accurately reflecting the
> >security properties of the process and object),
> Security relevant information, such as? Level of confidentiality, role, 
> and...?

Type (SELinux uses Type Enforcement (TE) in addition to MLS and
to support RBAC).

The "accurate" part is a dig at AppArmor which is path based, as opposed
to the file labels which are directly associated with objects. Each has
advantages and disadvantages, check the LKML "LSM" flamewar for
additional background information.

-Klaus
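To make the DAC/MAC distinction from the reply concrete, here is an added toy model (example code, not from the thread and not SELinux's own implementation): Unix owner/other bits stand in for DAC, and a constructed type-enforcement rule set (`TE_POLICY`, with made-up domains and types) stands in for the admin-controlled MAC policy. A file owner can re-grant DAC access at will, but the MAC check still denies the read.

```python
"""Toy model of DAC vs. MAC (type enforcement) access decisions.
Added example; users, types, domains and rules are all constructed."""
from dataclasses import dataclass

@dataclass
class File:
    owner: str
    mode: int        # Unix permission bits, e.g. 0o600
    type_: str       # label attached to the object, e.g. "secret_t"

@dataclass
class Process:
    uid: str
    domain: str      # label attached to the subject, e.g. "bob_t"

def dac_allows_read(proc: Process, f: File) -> bool:
    """Discretionary check: owner bit for the owner, 'other' bit otherwise
    (group bits omitted to keep the model small)."""
    bit = 0o400 if proc.uid == f.owner else 0o004
    return bool(f.mode & bit)

def dac_chmod(actor: str, f: File, mode: int) -> None:
    """The owner may hand out access at will: the 'discretionary' part.
    A trojan running with the owner's privileges can do this too."""
    if actor != f.owner:
        raise PermissionError("only the owner may chmod")
    f.mode = mode

# Admin-controlled TE policy: (source domain, target type, permission).
# Constructed rules; nothing here is alterable by the users it constrains.
TE_POLICY = {
    ("alice_t", "secret_t", "read"),
    ("alice_t", "user_home_t", "read"),
    ("bob_t", "user_home_t", "read"),
}

def mac_allows(proc: Process, f: File, perm: str) -> bool:
    """Mandatory check: allowed only if an explicit policy rule exists."""
    return (proc.domain, f.type_, perm) in TE_POLICY

def may_read(proc: Process, f: File) -> bool:
    """Complete mediation: every access passes both checks; a MAC deny wins."""
    return dac_allows_read(proc, f) and mac_allows(proc, f, "read")

def scenario() -> dict:
    """alice's secret is world-readable after a chmod, yet bob_t is still denied."""
    secret = File(owner="alice", mode=0o600, type_="secret_t")
    bob = Process(uid="bob", domain="bob_t")
    before = may_read(bob, secret)
    dac_chmod("alice", secret, 0o644)   # owner (or code running as owner) opens it up
    return {"before": before, "dac": dac_allows_read(bob, secret),
            "mac": mac_allows(bob, secret, "read"), "after": may_read(bob, secret)}
```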




More information about the fedora-selinux-list mailing list