Examples of next generation ACL-format

Submit your RBAC policies or suggest policy improvements

Examples of next generation ACL-format

Postby netzwurm » Tue Apr 01, 2003 1:56 pm

hey there,
I would like to know if there's any documentation or maybe some axamples of
the next generation ACL-format.
I had a look into the cvs under gradm2/debian-acls/ but those doesn't seem to differ
from the old style.

My problem is, that I am going to write a report on grsecurity and don't want to
be out of date when it's released. So I would like to have a look on grsecurity2.

Is it in a state where testing-usage is possible?

Well, thank you,

David
netzwurm
 
Posts: 3
Joined: Tue Apr 01, 2003 1:51 pm

Postby spender » Tue Apr 01, 2003 2:11 pm

I checked in a new version of gradm2 within the past few days. I threw in a copy of the new ACL format. The new include directive is working as well.

Right now I think the 2.0 kernel works, though I haven't tested it recently...I've just been cross-porting changes from the 1.9.9 tree. If it compiles though, the system should work fine...it just doesn't have the nice features I'm going to implement soon...oh, and you can't disable the system yet. I'm still trying to decide on how to add the gradm ACL automatically, now that there can be multiple administrators. Admin is also not implemented. The basic roles system is there though, it works, and generates some nice debugging for you.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby netzwurm » Tue Apr 01, 2003 2:27 pm

Well, sounds difficult.
What do you think when a usable snapshot of gradm2 will be released (including admin mode
and so on?

Yes, that question _is_ stupid and "when it's ready" is what I expect to hear but I have to
finish my article till 25th of april, so what I want to know if I can deal with the new versions or
if I have to deal with 1.x with previews on 2.x.

I did that before and I can tell you that sucks. Maybe there're any development papers on the new system?

thanks,

David
netzwurm
 
Posts: 3
Joined: Tue Apr 01, 2003 1:51 pm

Postby spender » Tue Apr 01, 2003 2:33 pm

I don't really have any time set for it. I'm not sponsored by anyone at the moment, so it's basically whenever I have time to work on it. If you need me to look over your article, you can mail it to spender@grsecurity.net. If you need it, I can also give you a list of features I plan to implement for 2.0. Most certainly 2.0 won't be finished by the 25th, but I think you'll have plenty of things to write about in 1.9.x if you look in depth enough.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby netzwurm » Tue Apr 01, 2003 2:44 pm

thanks. Of course there's enough to write about in 1.9. I was afraif of being outdated if you release the next time, so I will give some previews about it.

Thanks for your offer, but I don't know how good you german is. Well, thank you for your support till now and thanks for your great work.

so long...

David
netzwurm
 
Posts: 3
Joined: Tue Apr 01, 2003 1:51 pm

Postby spender » Sun Apr 06, 2003 11:39 am

You're in luck. Check out 2.0-pre1. That's the feature set I'm planning to release for grsecurity 2.0. There are a few other features I'd like to eventually add, but those will come after 2.0.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development