Re: RFC: New security model secmodel_securechroot(9)

To: Thor Lancelot Simon <tls%panix.com@localhost>, Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>, tech-kern%NetBSD.org@localhost
Subject: Re: RFC: New security model secmodel_securechroot(9)
From: Brett Lymn <brett.lymn%baesystems.com@localhost>
Date: Tue, 12 Jul 2011 09:57:28 +0930

On Mon, Jul 11, 2011 at 08:29:11AM +0100, David Laight wrote:
> 
> One problem is that, historically, unix privileges have always been
> based on a sledgehammer approach - if you don't want everybody to
> be able to do something then only root can do it.
> 

That can and has been fixed in other Unix operating systems.  The
problem is that a lot of people simply cannot see the use of such a
facility not because they are dumb, just that they have not encountered
a situation which could not be addressed with the normal unix
permissions or, perhaps, sudo.

Some things that have been problematic for me in the past with the unix
security model that I have been able to solve using finer grain
permissions are:

1) permitting an ordinary user to run apache on port 80, allowing them
to perform restarts and kill misbehaving daemons without requiring root
access.

2) permitting an ordinary user to run an ldap server on port 389

using the setuid daemon dance makes things awkward when it comes to
trying to kill things off.  Using sudo can be a pain because someone has
to be around to type the password which means you cannot schedule
restarts/kills as an unprivileged user.

Other things it would be useful for would be winding back the number of
setuid utilities on the system - ping could be permitted to open a raw
network interface, at the moment it has to be setuid to do this.

-- 
Brett Lymn
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

References:
- RFC: New security model secmodel_securechroot(9)
  - From: Aleksey Cheusov
- Re: RFC: New security model secmodel_securechroot(9)
  - From: Thor Lancelot Simon
- Re: RFC: New security model secmodel_securechroot(9)
  - From: Jean-Yves Migeon
- Re: RFC: New security model secmodel_securechroot(9)
  - From: Thor Lancelot Simon
- Re: RFC: New security model secmodel_securechroot(9)
  - From: David Laight

Prev by Date: Re: RFC: New security model secmodel_securechroot(9)
Next by Date: Re: RFC: New security model secmodel_securechroot(9)
Previous by Thread: Re: RFC: New security model secmodel_securechroot(9)
Next by Thread: Re: RFC: New security model secmodel_securechroot(9)
Indexes:

Home | Main Index | Thread Index | Old Index