> In the highest level you may also want :
>
> - Making sysklogd and klogd immutable
--- Das ok. With mount, I can just mount over the top of them, killoff current ones, restart my new ones.> > > > The system can't smell what is good and what is bad. These issue above are > > > company policy... > > --- > > The system can be programmed with responses. Generic ones like if luid==daemon > > and uid==root, and program not in {allowed set}, kill process and log event. Each company > > can define their own rules. The system mearly has the tools to *support* policy -- > > you are right in that it can't *decide* police -- but it can be programmed to *enforce* > > policy. We just need to make sure the features are in the kernel to support such policy. > > Nice, but that means using absolute paths in the kernel.. Yuk.. --- That would be horrible. I'd have anything w/pathnames in a userspace daemon -- but the kernel still needs to emit the event that a process w/luid=daemon and uid=root exec'ed some program. Then the user-land daemon handles the table of 'baddies'. Alternatively we get MAC in place. Just using 'Integrity: level=deamon, class=deamon" for all daemon executable files and then set the integrity level the same on user-land daemons. Then the OS will automatically disallow execution of any program not marked with the proper Integrity label. Labels can only be changed with CAP_MAC_OVERRIDE which wouldn't be set for userland daemons.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:12 EST