[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop
Ted Gould
ted at gould.cx
Wed Jan 30 13:47:50 CST 2008
On Mon, 2008-01-28 at 13:48 -0600, Chris Cox wrote:
> Ted Gould wrote:
> > On Fri, 2008-01-25 at 18:37 -0600, Chris Cox wrote:
> >> SELinux... sheesh...
> >> must die.
> >
> > Is unlikely to ever happen as many Gov't contracts require this level of
> > security. I actually believe that this level of security will catch on
> > in corporate culture as soon as "CEO Magazine" publishes an article
> > something like this:
> >
> > IT worker finds out about layoff by reading CEO's e-mail.
>
> Sure, in a niche application, anything is possible. But configuration
> at a fine granularity >99% (IMHO) leads to lack of use.
>
> > Whistle blower in IT department tells police how truly evil executives
> > are by reading their e-mail.
>
> Oh.. and of course those trivial examples are easily done without
> something like SELinux.
Actually, no. As long as there is a "User 0" that has full access to
the system and an administrator needs that access to do his or her job,
this can't be achieved. It's not really a permissions issue. No
offense, but if it was really that simple I'm sure the folks at the NSA
would have just chosen that way of protecting data.
> >> We'll have to see how PolicyKit comes out. It may be
> >> very useful. Or it could be the UCE of Linux, not enough
> >> benefit to be useful (especially if painful to configure or if
> >> it doesn't make sense).
> >
> > Considering that PolicyKit is mostly targeting desktop policy, I doubt
> > that most of the configurations will be very complex. Mostly I see the
> > PolicyKit settings to be "If local user" and "If an administrator." The
> > big gains with PolicyKit become the removal of gtksu and friends as an
> > easy attack vector.
>
> Agreed, I can see that... but it's certainly not going to solve
> the device problem. Might move it around a bit.
>
> Of course, now it sounds like PolicyKit is just another (unneeded) layer
> on top of SELinux, sudo, etc. Sigh. Time better spent fixing
> flat tires rather than replacing the good ones with even better ones.
The problem is that none of the security mechanisms allow specific
feature level permissions. Let's say for instance you would like to
allow users to install any package in your repository of approved
packages but not allow them to install any program off of the Internet.
That's essentially unavailable. While that example might not seem
useful, similar issues arise with network configuration with wireless
keys, etc.
While other tools could be built to do this on their own, PolicyKit
provides a way to do this on all D-Bus entries, thus separating the
implementation of the feature from the security. Let the security
people worry about policy.
I hope that someday something like PolicyKit will replace sudo, gtksu
and friends. Most people will hopefully never need to gain "root" on
their machines. They can ask services with the appropriate level of
permissions to do things for them in a standard way. This also means
that those services can run in more restricted contexts.
--Ted
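The model Ted describes above, a privileged service that asks an authorization layer about one fine-grained action ("install from the approved repository" versus "install a file from the Internet") and answers differently for a local active user, an administrator, and a remote session, is easy to mis-picture without code. The following is an added example written for this archive page; it is not code from the thread or from PolicyKit itself. It parses a constructed `.policy` document in the real polkit XML layout (`<action id=...>` with `<defaults>` carrying `allow_any`, `allow_inactive` and `allow_active`) and evaluates it for a caller described by session locality, activity and admin membership. The action ids, the package service and the subject attributes are assumptions for illustration; the decision strings are this example's own, not polkit's API.

```python
"""Toy model of PolicyKit-style feature-level authorization (added example).

Not the PolicyKit implementation: the .policy layout is real, but the
action ids, the PackageService and the decision vocabulary are assumed.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed .policy document for a hypothetical package service.
# allow_any    -> any session (remote, or no session at all)
# allow_inactive -> local console session that is not currently active
# allow_active -> local console session that is active
POLICY_XML = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.example.pkg.install-approved">
    <description>Install a package from the approved repository</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkg.install-untrusted">
    <description>Install a package file fetched from the Internet</description>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
"""


@dataclass(frozen=True)
class Subject:
    """Who is asking: assumed attributes a D-Bus service could learn about its caller."""
    uid: int
    local: bool            # caller sits at the console (not ssh / remote)
    active: bool           # that console session is the active one
    is_admin: bool         # member of the administrators group
    authenticated: bool = False  # has already passed an authentication prompt


def load_policy(xml_text):
    """Parse .policy XML into {action_id: {allow_any, allow_inactive, allow_active}}.

    A missing <allow_*> element is treated as "no" so the policy fails closed.
    """
    root = ET.fromstring(xml_text)
    policy = {}
    for action in root.iter("action"):
        defaults = action.find("defaults")
        policy[action.get("id")] = {
            tag: (defaults.findtext(tag, default="no") if defaults is not None else "no")
            for tag in ("allow_any", "allow_inactive", "allow_active")
        }
    return policy


def _apply_rule(rule, subject):
    """Turn one allow_* value into a decision for this subject."""
    if rule == "yes":
        return "allowed"
    if rule in ("auth_self", "auth_self_keep"):
        return "allowed" if subject.authenticated else "needs_self_auth"
    if rule in ("auth_admin", "auth_admin_keep"):
        if subject.is_admin and subject.authenticated:
            return "allowed"
        return "needs_admin_auth"
    return "denied"  # "no" or an unrecognised value: fail closed


def check_authorization(policy, action_id, subject):
    """Select the rule matching the caller's session and evaluate it.

    Unknown action ids are denied. uid 0 is always authorized, which is
    exactly the "User 0" problem the thread discusses: policy cannot
    restrict an account that the kernel already lets do anything.
    """
    if subject.uid == 0:
        return "allowed"
    defaults = policy.get(action_id)
    if defaults is None:
        return "denied"
    if subject.local and subject.active:
        rule = defaults["allow_active"]
    elif subject.local:
        rule = defaults["allow_inactive"]
    else:
        rule = defaults["allow_any"]
    return _apply_rule(rule, subject)


class PackageService:
    """Hypothetical privileged service: it does the install, policy decides whether."""

    APPROVED = "org.example.pkg.install-approved"
    UNTRUSTED = "org.example.pkg.install-untrusted"

    def __init__(self, policy):
        self.policy = policy
        self.installed = []

    def install(self, subject, package, from_approved_repo):
        action = self.APPROVED if from_approved_repo else self.UNTRUSTED
        decision = check_authorization(self.policy, action, subject)
        if decision == "allowed":
            self.installed.append(package)
        return decision


if __name__ == "__main__":
    svc = PackageService(load_policy(POLICY_XML))
    user = Subject(uid=1000, local=True, active=True, is_admin=False)
    print(svc.install(user, "vim", True))    # allowed
    print(svc.install(user, "blob.deb", False))  # needs_admin_auth
```

The point the example makes concrete is the separation Ted describes: `PackageService.install` contains no notion of who is trusted, and the whole difference between the two package sources lives in the `.policy` file. Note also the `uid == 0` short-circuit, which is why a policy layer alone cannot remove the "User 0" problem from the earlier part of the thread.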