grsecurity forums

[epoch]

I've been thinking of ways of 'paranoia-ifying' my system even further than grsecurity, and have come up with an interesting idea. Would it be possible to extend grsecurity ACLs to allow user control over his/her own files? As in, have the master ACLs, and each user can control another set of ACLs on top (but not overriding) the master ACLs, to protect his/her files from malicious programs/scripts.

[spender]

It's possible. I won't be doing that though, as it's not MAC, but DAC (the user controls access to his files). Though somewhat along those lines, grsecurity 2.0 supports user/group/special roles that either do or don't require authentication. If the user wants to restrict his own files, the proper thing to do would be to have the administrator create additional users for the applications they want separated. With regular UNIX permissions this can be administered.

-Brad

[epoch]

I've thought of that, but there's a slight problem that made me think of this solution. If the admin puts those apps in a separate group, that group must have (at least) read access to everyone's home directory, and write access to files or subdirectories. Any vulnerability (even if it can just open files) in the app can then be exploited (even if it's not a real vulnerability, but an app like openoffice, which can open and save files) to write to other users directories.

That aside, I guess I should start searching for other patches that do DACs