ACL's dependent on runlevel and sealing kernel at boot time

Postby szpak » Mon Apr 07, 2003 6:22 am

Little idea ;-)

Background:
When booting the system, first the kernel loads, then device setup & testing and the boot procedure run, and then /sbin/init is called.
Until the point in /etc/inittab where the grsecurity ACLs are enabled by gradm -E, the system is not protected by ACLs.

Idea:
Enable grsecurity at boot time as a parameter passed to the kernel, like vga=ask or ide-scsi.
Make it possible to have different ACLs for different runlevels, and a base /etc/grsec/acl for the running system.
I think that support for ACLs in initrd could be useful too, especially for little systems that use initrd for initial configuration. That could be done just by looking in the initrd image for /etc/grsec/acl.

What do you think?

Postby spender » Mon Apr 07, 2003 11:48 am

Can't be done. We have to perform the ACL parsing and analysis from userspace. There is little to be gained by starting the ACL system that early, and in fact, it makes the system as a whole less secure while it's running, since to get your applications to run correctly, you have to give them the additional privilege they need to start up, stop, etc. If you are allowing the init scripts to do this, then you're allowing an attacker to do the same with the init scripts. That's why I believe it's better to start gradm after everything has booted, since it allows you to tighten down the permissions on each process on the system better, and as long as your init scripts are properly protected (as gradm enforces) there should be no problem with letting the init scripts run at bootup without any protection (provided that you always keep the ACL system enabled while the system is running so that your init scripts aren't trojaned).

-Brad

Postby szpak » Tue Apr 08, 2003 4:13 am

Okay... I see. But that means that the fs, data & programs that run from initrd can't be protected either? :(

Postby spender » Tue Apr 08, 2003 8:59 am

If you're worried about that, then you're worried about local users breaking into your system, in which case they can just steal the hard drive or whatnot.

-Brad