Feature request (is this even possible?)



Postby epoch » Mon Jun 02, 2003 1:54 pm

I've been thinking of ways of 'paranoia-ifying' my system even further than grsecurity, and have come up with an interesting idea. Would it be possible to extend grsecurity ACLs to allow user control over his/her own files? As in, have the master ACLs, and each user can control another set of ACLs on top (but not overriding) the master ACLs, to protect his/her files from malicious programs/scripts.
epoch
Posts: 2
Joined: Mon Jun 02, 2003 1:49 pm

Postby spender » Mon Jun 02, 2003 11:40 pm

It's possible. I won't be doing that though, as it's not MAC, but DAC (the user controls access to his files). Though somewhat along those lines, grsecurity 2.0 supports user/group/special roles that either do or don't require authentication. If the user wants to restrict his own files, the proper thing to do would be to have the administrator create additional users for the applications they want separated. With regular UNIX permissions this can be administered.

-Brad
spender
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Slight problem with that

Postby epoch » Tue Jun 03, 2003 8:50 am

I've thought of that, but there's a slight problem that made me think of this solution. If the admin puts those apps in a separate group, that group must have (at least) read access to everyone's home directory, and write access to files or subdirectories. Any vulnerability (even if it can just open files) in the app can then be exploited (even if it's not a real vulnerability, but an app like openoffice, which can open and save files) to write to other users' directories.

That aside, I guess I should start searching for other patches that do DACs.
epoch
Posts: 2
Joined: Mon Jun 02, 2003 1:49 pm
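The administration spender describes, worked out as a shell script. This is an added example, not code from the thread or from grsecurity: it uses one dedicated account per human user and application (for example alice-soffice, a naming convention assumed here), a per-pair exchange directory under /srv/exchange (an assumed path), and plain UNIX permissions. The human user's home stays 0700, the exchange directory is 2770 and shared only by that user and that user's application account, and the application account belongs to no group that spans other users' directories. Account creation needs root; the directory and mode-check functions run as any user under $EXCHANGE_ROOT.

```shell
#!/bin/sh
# Added example (not from the thread or from grsecurity): spender's
# suggestion done with regular UNIX DAC. For each human user U and
# application APP the administrator creates an account U-APP plus a group
# of the same name, adds U to that group, and gives the pair a private
# exchange directory. Account/group names, the nologin path and the
# /srv/exchange root are assumptions of this example.
set -eu

EXCHANGE_ROOT="${EXCHANGE_ROOT:-/srv/exchange}"

# Name of the dedicated application account for a user, e.g. alice-soffice.
app_account() {
    printf '%s-%s\n' "$1" "$2"
}

# Root-only: create the application account and its private group, and add
# the human user to that group so both sides can use the exchange directory.
# The account's home is the exchange directory, so "sudo -H" sends it there.
create_app_account() {
    user=$1; app=$2
    acct=$(app_account "$user" "$app")
    groupadd "$acct"
    useradd --system --shell /usr/sbin/nologin --no-create-home \
        --home-dir "$EXCHANGE_ROOT/$acct" --gid "$acct" "$acct"
    usermod --append --groups "$acct" "$user"
}

# Create the exchange directory: owner U, group U-APP, mode 2770. The setgid
# bit makes files saved by either side inherit the group, so both can still
# reach them. Runs unprivileged when EXCHANGE_ROOT is writable; chown is
# skipped if the group does not exist yet, so the mode layout is testable.
create_exchange_dir() {
    user=$1; app=$2
    acct=$(app_account "$user" "$app")
    dir="$EXCHANGE_ROOT/$acct"
    mkdir -p "$dir"
    if getent group "$acct" >/dev/null 2>&1; then
        chown "$user:$acct" "$dir"
    fi
    chmod 2770 "$dir"
    printf '%s\n' "$dir"
}

# Check that the layout holds: 700 on the home directory (the application
# account cannot open anything in it) and 2770 on the exchange directory.
# Returns 0 when both modes are as intended. Uses GNU stat.
check_layout() {
    home=$1; dir=$2
    [ "$(stat -c %a "$home")" = 700 ] && [ "$(stat -c %a "$dir")" = 2770 ]
}

# Root-only: start APP as the dedicated account, with HOME and the working
# directory set to the exchange directory so it has nowhere else to save.
run_as_app_account() {
    user=$1; app=$2; shift 2
    acct=$(app_account "$user" "$app")
    dir="$EXCHANGE_ROOT/$acct"
    cd "$dir" && exec sudo -H -u "$acct" -g "$acct" "$app" "$@"
}

# Root-only: full setup for one user/application pair.
setup_user_app() {
    create_app_account "$1" "$2"
    create_exchange_dir "$1" "$2" >/dev/null
    chmod 700 "/home/$1"
}
```

Usage as root: `setup_user_app alice soffice` once, then `run_as_app_account alice soffice` to launch it; alice drops documents into /srv/exchange/alice-soffice and collects the saved results there. The point of the per-pair account is that a compromised alice-soffice process holds credentials for exactly one exchange directory, not for a group with access to every home.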

