Posted Sep 23, 2004 23:16 UTC (Thu) by pimlott
In reply to: Complexity
Parent article: An introduction to SELinux
How do you propose to transition uids? How to keep them unique? What about the problem of applications which will want to look up little details like the home directory or user name in /etc/passwd?
These issues seem easy (but bear in mind these are answers I've made up on my own and never tried!). You have a setuid program that allocates additional uids to a user, puts them in /etc/passwd and everything. (Or maybe you pre-allocate a pool of "sub-users" when you create a user.) By default, they would probably have the same home directory, etc as the "main" uid.
How do I grant access to this new uid for certain objects?
The short answer is with usual unix permissions, but here it gets harder. You probably at least want to let users allocate their own groups, and since groups are not that flexible, you probably want ACLs as well. (But ACLs are becoming more common anyway.) Further, you may need to add a notion of relationships between users, so one user might be a "master" of another and be able to chown or chmod his files. This is where I think a genuine extension may be needed, because in traditional unix, every user is an "island".
Now, even if you ran mozilla under a separate uid, you'd have to grant it access to your X connection.
Yes, this is a hard problem, but again you're begging the question when you say SELinux is the answer. A secure, multi-domain X server can just as well be based on uids (or cryptographic keys) as on SELinux. You seem to equate compartmentalization with SELinux, and I think that's simply an unwarranted assumption.
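Added sketch (not code from the comment, LWN, or SELinux) of the "sub-user" scheme pimlott describes above: a helper allocates extra uids to one account, records them in /etc/passwd with the same home directory as the main uid, and ordinary ACLs open specific objects to the new uid. The reserved uid range, the owner_label naming convention, the nologin shell, and the helper names are this example's assumptions; the passwd text is constructed sample data.

```python
"""Sub-uid allocation sketch: one primary account, a pool of extra uids that
share its home directory, and ACL grants for the few objects a confined
program (say a browser) needs.  Range and naming are assumptions."""
from dataclasses import dataclass
from typing import List

# Assumed reserved range for sub-uids; any range unused on the system would do.
SUBUID_BASE = 100000
SUBUID_SPAN = 1000

# Constructed sample passwd content: alice already owns one sub-user.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "alice_mail:x:100000:1000:Alice (mail):/home/alice:/usr/sbin/nologin\n"
)


@dataclass(frozen=True)
class PasswdEntry:
    """One /etc/passwd line: name:passwd:uid:gid:gecos:home:shell."""
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

    def line(self) -> str:
        return ":".join([self.name, self.passwd, str(self.uid), str(self.gid),
                         self.gecos, self.home, self.shell])


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text; reject lines that do not have seven fields."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        f = raw.split(":")
        if len(f) != 7:
            raise ValueError(f"malformed passwd line: {raw!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries


def allocate_subuid(entries: List[PasswdEntry], owner: str, label: str) -> PasswdEntry:
    """Allocate a fresh uid for `owner`, named owner_label, inheriting the
    owner's gid, gecos and home so lookups of "my home directory" still work.
    Uniqueness is checked against every uid and name already present.  The
    shell is nologin (assumed): a sub-user runs one program, it never logs in."""
    primary = next((e for e in entries if e.name == owner), None)
    if primary is None:
        raise KeyError(f"no such user: {owner}")
    name = f"{owner}_{label}"
    if any(e.name == name for e in entries):
        raise ValueError(f"sub-user {name} already exists")
    used = {e.uid for e in entries}
    free = (u for u in range(SUBUID_BASE, SUBUID_BASE + SUBUID_SPAN) if u not in used)
    uid = next(free, None)
    if uid is None:
        raise RuntimeError("sub-uid pool exhausted")
    return PasswdEntry(name, "x", uid, primary.gid, f"{primary.gecos} ({label})",
                       primary.home, "/usr/sbin/nologin")


def grant_commands(sub: PasswdEntry, paths: List[str], xauthority: str) -> List[str]:
    """Commands the owner (or the setuid helper) would run so the sub-uid can
    reach only the listed objects via ACLs.  Everything else of the owner's
    stays closed to it under normal unix permissions.  Read access to the
    Xauthority file is the weak spot the thread points at: it hands the
    sub-uid the whole display, not one window."""
    cmds = [f"setfacl -m u:{sub.name}:rwx {p}" for p in paths]
    cmds.append(f"setfacl -m u:{sub.name}:r {xauthority}")
    return cmds


def demo() -> PasswdEntry:
    """Allocate alice_web from the sample data and return the new entry."""
    entries = parse_passwd(SAMPLE_PASSWD)
    return allocate_subuid(entries, "alice", "web")


if __name__ == "__main__":
    sub = demo()
    print(sub.line())
    for c in grant_commands(sub, ["/home/alice/.mozilla"], "/home/alice/.Xauthority"):
        print(c)
```

The allocator only finds a free uid and builds the passwd line; writing it needs the setuid helper (or root) the comment assumes, and the ACL commands are the ordinary setfacl invocations a user can run on objects they own.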