
Why we should care

Posted Aug 18, 2005 3:07 UTC (Thu) by flewellyn (subscriber, #5047)
In reply to: Why we should care by cdmiller
Parent article: An overview of multilevel security

The existing permissions system is discretionary, i.e., the permissions are set at the discretion of
the file owner. If a sensitive file is owned by root, this may not (always) be such a big deal; but if
a sensitive file is owned by a particular user ("daemon" users included!), then nothing prohibits a
process running as that user from changing the permissions.

SELinux's mandatory controls override this. Something labeled as "secret", for instance, could be
set so that only certain users could read or write the file, and even the file's owner cannot change
this. This level of security in addition to traditional discretionary controls is invaluable.
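
The discretionary behaviour described in the comment above, as an added example that is not part of the original post or of the LWN article: a file set to owner-read-only is widened again by a process running under the same account, and a small audit lists files whose mode rests on a non-root owner's discretion. The function names and the temporary file are assumptions made for illustration; capabilities such as CAP_FOWNER and any MAC policy are deliberately left out of the model.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Return only the permission bits of a file."""
    return stat.S_IMODE(os.stat(path).st_mode)


def relaxable_by(path, uid):
    """True if plain DAC lets a process with this uid chmod the file.

    Simplification (assumption): only the owner or uid 0 may chmod;
    capabilities and MAC policy are ignored.
    """
    return uid == 0 or os.stat(path).st_uid == uid


def owner_relaxes_mode():
    """Create an owner-read-only file, then widen it from the same account."""
    fd, path = tempfile.mkstemp(prefix="dac-demo-")  # constructed sample file
    os.close(fd)
    try:
        os.chmod(path, 0o400)   # intended policy: owner may read, nobody else
        before = mode_of(path)
        os.chmod(path, 0o644)   # any process running as the owner can undo it
        after = mode_of(path)
        return before, after, relaxable_by(path, os.getuid())
    finally:
        os.unlink(path)


def audit(paths):
    """List files whose mode rests on a non-root owner's discretion."""
    findings = []
    for p in paths:
        st = os.stat(p)
        if st.st_uid != 0:  # service-account ("daemon") and user-owned files
            findings.append((p, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return findings


if __name__ == "__main__":
    print(owner_relaxes_mode())
```
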



Why we should care

Posted Aug 18, 2005 7:54 UTC (Thu) by jmshh (guest, #8257)

Mandatory access control is something else. It aims at the same goal:
reducing errors in the security configuration.
Best way of working is to use them both.

Why we should care

Posted Aug 18, 2005 11:49 UTC (Thu) by druiloor (guest, #26069)

As I see it, most of this MAC stuff could (theoretically) be done with a combination of: Unix groups, POSIX filesystem ACLs, and extended attributes (administered with like CAP_LINUX_IMMUTABLE privs.)

However that might be a major pain, and not at all easy to get right ...

What I found to be a good read, discussing security inc MAC, MLS, et al:
http://www.google.com/search?q=gasserbook
