BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] grsecurity

Subject: [Discuss] grsecurity
From: richard.pieri at gmail.com (Richard Pieri)
Date: Wed, 02 May 2012 00:32:08 -0400
In-reply-to: <4FA09382.9000608@vl.com>
References: <4FA02F77.1060106@vl.com> <4FA04519.7060200@gmail.com> <4FA07074.5@vl.com> <09717A61-017B-4524-9B1A-3CA88B9E0F9F@gmail.com> <4FA09382.9000608@vl.com>

On 5/1/2012 9:53 PM, Tom Metro wrote:
> I got what you meant, but that's a UI or config layer problem. What I'm
> saying is that gsecurity could have used the SELinux (or AppArmor, or
> whatever) Linux Security Module[1] to implement their rules, and wrap it
> with their own UI or config system to make it turn key and less error prone.

No, they couldn't.  SELinux is a mandatory access control (MAC) 
mechanism.  grsecurity implements a rule-based access control (RBAC) 
mechanism.  They're actually very different things despite having so 
much functional overlap.

In the MAC model, resources are given security labels.  Users and 
processes that require access are given corresponding security 
clearances.  Adding a new user to the system entails giving that user 
all of the relevant clearances.  Adding a new resource to the access 
control system entails assigning it an appropriate security label and 
then giving all the relevant users the correct clearance.  MAC is 
granular but it requires expanding administrative overhead as more 
security labels and clearances are implemented.

In the RBAC model, access to resources is encapsulated in roles.  Users 
and processes that require access are given those roles.  Adding a new 
resource to the access control system entails adding it to the 
appropriate roles.  Users who have those roles automatically inherit the 
relevant access.  Encapsulating access control in roles simplifies 
management compared to MAC at the cost of granularity.

That's just scratching the surface.  RBAC can be very flexible in how 
rules are nested and linked.  MAC has extremely fine-grained access 
controls.  Neither is inherently better than the other; they're different.

> Hopefully someone will point out that there was a technical
> justification for not reusing an existing LSM.

LSM is a Linux API for mandatory access control.  It does not provide 
hooks for rule-based access control.  Implementing RBAC in Linux cannot 
be done through LSM.

-- 
Rich P.

References:
- [Discuss] grsecurity
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] grsecurity
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] grsecurity
  - From: tmetro-blu at vl.com (Tom Metro)
- [Discuss] grsecurity
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] grsecurity
  - From: tmetro-blu at vl.com (Tom Metro)

Prev by Date: [Discuss] grsecurity
Next by Date: [Discuss] When you omit rsync '--update' option
Previous by thread: [Discuss] grsecurity
Next by thread: [Discuss] When you omit rsync '--update' option
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org