
3.18 Merge window part 2

Posted Oct 22, 2014 9:37 UTC (Wed) by etienne (guest, #25256)
In reply to: 3.18 Merge window part 2 by dlang
Parent article: 3.18 Merge window part 2

> > The Smack mandatory access control subsystem has a new "bring-up" mode that can be used to record the permissions a process needs to execute. It is intended to be used in the writing of Smack rules, then compiled out on production systems.

> This sort of approach to setting up complex permissions is a good one. It requires that there is a good test plan to exercise all the corner cases of the application, but you are doing that already, right? ;-)

If the application is calling home to see if there is a newer version and decides to self-upgrade (not using the official upgrade system is bad (TM) but still done), then that application needs *a lot of* permissions.
The worst is when the application self-upgrades, but in the middle is refused write/creation access to a small file - and that upgrade finishes non-functional in a subtle way, not reproducible on the developer machine.
Another requirement for a package manager: an application shall be able to self-upgrade without needing root access? How about self-upgrading a library it is using? Only libraries written in an interpreted language (Python, Java, ...) can be self-upgraded?



3.18 Merge window part 2

Posted Oct 22, 2014 21:57 UTC (Wed) by raven667 (guest, #5198) [Link]

For this to work well, and not make your security framework useless because it can't block anything, you need to have privilege separated into discrete components that can have different privileges. Like postfix, sshd or chrome.

3.18 Merge window part 2

Posted Oct 22, 2014 23:16 UTC (Wed) by dlang (guest, #313) [Link] (1 responses)

If you want to have the application update itself, you will have to give it all those permissions.

But if you aren't wanting that to happen, don't allow it to happen during your test, and if something slips in where it tries to do so in production, it will fail.

So this is still a good tool.

3.18 Merge window part 2

Posted Oct 23, 2014 9:20 UTC (Thu) by etienne (guest, #25256) [Link]

> If you want to have the application update itself, you will have to give it all those permissions.

I do not want it! But some applications do it anyway...

> But if you aren't wanting that to happen, don't allow it to happen during your test and if something slips in where it tries to do so in production, it will fail.

Usually only partly fail, partly succeed...

