On Sat, 19 Feb 2000, Rogier Wolff wrote:
>> I agree 100%. However - in this *particular* case, it is only to
>> keep a dumb snoop out of private information. Not to keep a
>> skilled hacker out. Script kiddie hacking, and password snooping
>> is not going to happen here - it isn't that big of a deal. Only
>> a simple solution is needed for this particular case.
>
>Consider it another measure in line with the C2 rating of Linux:
>
>Linux is at C2 of the orange book ratings. This means that accidental
>access to protected information is blocked.
Linux is rated C2? Surely you jest! I'm sure that it is heading
for the day when it would meet C2, but I doubt it does right now.
The reference I have on C2 (not authoritative however) says that
"The environment has the capability to furher restrict users from
executing certain commands or accessing certain files based not
only upon the permissions, but upon authorization levels. In
addition, this level of security requires that the system be
audited. This involves writing an audit record for each event
that occurs on the system"
I don't believe Linux has that capability right now, does it?
Would logging syscalls, and process accounting qualify? What
about authorization levels? Wouldn't that require ACL's?
It also states that "With the use of additional authorizations,
it is posssible for users on a C2 system to have the authority to
perform system management tasks without having the root password.
This enables improved tracking of system administration related
tasks because the individual user performs the tasks and not the
system administrator."
This is kind of vague, but I think the idea behind it is "no root
user".
It then clarifies that these authorizations are NOT the SUID and
SGID permissions that can be applied to a program, rather
specific authorizations that allow a user to execute specific
commands or access certain kernel tables. I read this as meaning
CAPABILITIES. Unfortunately CAPS are not mainstream yet, and I
don't believe Linux can meet C2 even unofficially yet.
Does anyone out there have a standard linux kernel - unpatched
with *NO* root user, or rather no "superuser" of UID 0?
If so, then what I want to do should be plauseable with no kernel
patch because root can be disabled, an divided amongst many
users, etc..
>What Mike is proposing is that a root-user can type "cat
>/encrypted_fs/secretfile". Under standard Linux he'd accidentally see
>the file without a complaint. This is actually contrary to the C2
>rating.
Yes, I agree.
>Whatever mike has in mind, he'll move Linux one step further towards
>the B rating, as prohibiting root-access to these files is a neccesary
>step for aquiring a B rating....
Whoa there! ;o) Lets not jump the gun here! What I'm looking
for currently is a nasty hack that is not secure in anyone's eyes
for serious purposes, but rather just a kludge to blur things
over a couple dummies. That seems simple enough of a hack. The
long term *REAL* solution that I'd like to see - not for my
personal benefit, but for acceptance of Linux for something like
C2, or B1. B1 introduces concepts of top secret, etc. and the
owner of something cannot change permissions on it, etc.. I
certainly wont be coding anything like that because it is WAY
over my head. I won't be prohibiting anyone from anything
personally... One of you guys will be. ;o) I'll just be
stopping a couple lusers from accessing stuff by modifying the
meaning of the immutable flag as a mount option. ;o)
TOTALLY insecure for serious purposes, but this use is not a
serious matter. It's more like stopping kids from watching TV by
hiding the remote control.. ;o) Or putting a password on login
for Win95. I know dumb people who sit there for hours trying to
guess the Win95 password, when a simple click on "Cancel" is all
it takes to get in... ;o)
TTYL
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocateJoin the FreeMWare project - the goal to produce a FREE program in which you can run Windows 95/98/NT, and other operating systems.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST