Posted Sep 23, 2004 10:09 UTC (Thu) by zooko (guest, #2589)
In reply to: Complexity by pimlott
Parent article: An introduction to SELinux

I think you are on the right track. In my view, the ultimate goal should be an object-capability system, as described in Paradigm Regained. Paradigm Regained starts with a good, simple motivating question: "How much authority does cp need?".

My litmus test for this issue is: what access control system will allow me to download a dancing bear program from and run it on my desktop, without taking any explicit action to indicate that I want it to have limited permissions, and still be safe from any malicious thing that the dancing bear program might try to do?

I saw a demo of exactly that, using the CapDesk object-capability access control system, demoed by Marc Stiegler.

Any access control system that can't do that isn't good enough for me.

So for me, the question of what kind of access control system to use has an obvious answer: use the object-capability paradigm. The question of how to make it sufficiently backwards-compatible to gain users does not have an obvious answer. The CapDesk demo could not run dancing bear .exe's, nor dancing bear x86 glibc executables. It could only run dancing bear programs written in the E language.


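The "how much authority does cp need?" question above has a concrete shape in code. The following is an added example, not code from the LWN thread, from CapDesk or from the E language: it contrasts a conventional cp that receives path names (and therefore runs with the caller's whole filesystem authority) with a capability-style cp that receives only two already-open file descriptors and has no interface through which to name anything else. The function names and the temporary-file setup are the example's own assumptions; note that Python does not confine the function body itself (a malicious body could still call open()), which is exactly the enforcement an object-capability language adds.

```python
"""Added example: the object-capability answer to "how much authority does
cp need?" is "two file references", so the copy routine takes exactly those."""
import os
import tempfile


def cp_ambient(src_path: str, dst_path: str) -> int:
    """Conventional cp (hypothetical name): it receives *names*, so it runs
    with the caller's entire filesystem authority and could just as well open
    any other file the user can read."""
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        return dst.write(src.read())


def cp_capability(src_fd: int, dst_fd: int, bufsize: int = 65536) -> int:
    """Capability-style cp (hypothetical name): it receives two already-open
    descriptors.  Through this interface the only objects it can read or write
    are the two it was handed; it never sees a path.  Returns bytes copied.
    Caveat: Python does not enforce the discipline on the body of this function;
    an object-capability language (E, as used by CapDesk) does."""
    copied = 0
    while True:
        chunk = os.read(src_fd, bufsize)
        if not chunk:
            return copied
        view = memoryview(chunk)
        # os.write may write fewer bytes than asked; loop until the chunk is out.
        while view:
            n = os.write(dst_fd, view)
            view = view[n:]
            copied += n


def demo(payload: bytes = b"dancing bear\n") -> tuple:
    """The caller (the 'desktop') holds the ambient authority: it opens exactly
    the two files the user picked and hands the descriptors down to the copy
    routine.  Input data is constructed here for the example.  Returns
    (bytes actually written to the destination, byte count reported by cp)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "in.bin")
        dst = os.path.join(d, "out.bin")
        with open(src, "wb") as f:
            f.write(payload)
        src_fd = os.open(src, os.O_RDONLY)
        dst_fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            copied = cp_capability(src_fd, dst_fd)
        finally:
            os.close(src_fd)
            os.close(dst_fd)
        with open(dst, "rb") as f:
            return f.read(), copied


if __name__ == "__main__":
    data, count = demo()
    print(f"copied {count} bytes: {data!r}")
```

The design point is the signature: cp_capability cannot be handed more authority than the caller chose to open, whereas cp_ambient inherits everything the calling user can name. That is the "no explicit action to limit permissions" property the post asks for, with the remaining gap being language-level enforcement of the body.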

Posted Sep 23, 2004 13:46 UTC (Thu) by walters (subscriber, #7396)

It could only run dancing bear programs written in the E language.

Rewriting Apache, cp, GNOME, bind, su, and every other program in E is not feasible. Therefore, even if E exists, it doesn't provide a solution for Linux today. SELinux does.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds