Why aren't policies automatically generated?
Posted Feb 10, 2007 21:21 UTC (Sat) by skybrian
Parent article: SLIDE into SELinux policy development
I'm sure folks who study this have thought of it already, but it seems like taking a different approach would work better: instead of manually writing policies, compiling and installing a program should automatically generate a policy that grants access to all the resources that the program could potentially need, and no more, with links back to the code that requires access. The jail's role is only to make sure that the program meets its own policy. Security would come from reviewing program policies for red flags and looking at any changes in new versions. Developers would then be able to improve security by rewriting their code to remove any dependencies that aren't strictly needed. Nobody would need to write policies.
(This assumes a lot from static program analysis, but that's inherent in the problem since policies are static.)
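The review step the comment describes, checking what a new version's policy grants that the old one did not, can be sketched as follows. This is an added example, not part of the original comment or of any SELinux tool; the `myapp_*` types, both sample policies, and the `RED_FLAGS` set are constructed assumptions, and only the simple `allow source target:class perms;` form is parsed.

```python
import re

# Simple form only: allow <source> <target>:<class> <perm> | { <perms> };
# Type sets, attributes and macros are not handled in this sketch.
RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;", re.M)

# Assumption: (class, permission) pairs a reviewer wants called out.
# Illustrative choice, not an official list.
RED_FLAGS = {("file", "execmod"), ("process", "execmem"),
             ("capability", "sys_admin"), ("capability", "dac_override")}

def parse_allow_rules(text):
    """Expand allow rules into a set of (source, target, class, perm) tuples."""
    rules = set()
    for src, tgt, cls, perm_set, perm in RULE.findall(text):
        for p in (perm_set or perm).split():
            rules.add((src, tgt, cls, p))
    return rules

def diff_policies(old_text, new_text):
    """Return (added, removed) permissions between two policy versions."""
    old, new = parse_allow_rules(old_text), parse_allow_rules(new_text)
    return sorted(new - old), sorted(old - new)

def flagged(added):
    """Newly granted permissions that match the red-flag set."""
    return [r for r in added if (r[2], r[3]) in RED_FLAGS]

# Constructed sample policies for two versions of a hypothetical program.
OLD_POLICY = """
allow myapp_t myapp_log_t:file { append getattr open };
allow myapp_t myapp_conf_t:file { read getattr open };
allow myapp_t self:capability net_bind_service;
"""
NEW_POLICY = """
allow myapp_t myapp_log_t:file { append getattr open };
allow myapp_t myapp_conf_t:file { read getattr open write };
allow myapp_t self:process execmem;
"""

if __name__ == "__main__":
    added, removed = diff_policies(OLD_POLICY, NEW_POLICY)
    for rule in added:
        mark = "RED FLAG" if rule in flagged(added) else "added"
        print(f"{mark:9} allow {rule[0]} {rule[1]}:{rule[2]} {rule[3]};")
    for rule in removed:
        print(f"{'removed':9} allow {rule[0]} {rule[1]}:{rule[2]} {rule[3]};")
```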