[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Root access removed



On Tuesday 11 May 2004 05:54, Ben Stringer wrote:
> It may be his memstick, but when it is mounted, it becomes one of the
> filesystems available to the operating system. If a user decided they
> wanted their memory stick to mount somewhere under "/etc", they could
> simply subvert system security, controls or existing configuration. This
> is why a mount should require system authorisation. This is fundamental
> security and trading it off for convenience is just that - a trade-off.
> It is your decision - just be sure you are aware of what you sacrifice
> for the convenience.

So then why should I as a user not be allowed to mount under my home 
directory?  This is something that SELinux will help with, I think.  I can 
then set a policy to allow me to mount a filesystem under my home (but not 
anywhere else!).  Is this not the solution?

Likewise, for CD burning it is necessary to be very careful.  CD and DVD 
burning require a very low-level access to the drive; low enough of a level 
to be able to flash the drive's firmware, even.  Well, the current k3b setup 
with FC2 does not require root access.  I simply burn the CD/DVD just as 
in Windows, from my ordinary user.

Changing network settings is another place, but even under Windows XP you are 
limited as a normal user in what you can do in networking.  But there are some 
things that you CAN do, like setting up a dialup networking connection.  I 
should not have to have the root password to set up a personal DUN/PPP 
connection, and the config files for my personal connection should not reside 
in /etc/sysconfig.  There are things that should belong to the individual 
users, and not to the system.  WinXP allows you to specify that for DUN 
connections: make it available to all users on the machine or keep it 
private.  I'd LOVE to see user-private PPP connections for my kids' PC, so 
that my wife can connect without needing a password, for instance, but my 
kids cannot, and they can even use different connection profiles, etc.

But at the same time I as a multiuser sysadmin (or even in administering 
laptops) should be able to configure to disallow those sorts of things: I 
might need to require my laptop users (who are using company equipment) to 
use OUR dialup, and disallow any changes.  Something like Windows Policy 
Editor allows for that; SELinux should be able to handle all that easily, if 
the policies are set up properly.

It is a fine line between things that belong to the system (and require root) 
and things that belong to the user.  The statement being made, as I 
understand it, is that more needs to belong to the user and less to the 
system, where that does not compromise system-level security.  But, at the 
same time, there are users whose systems DO NOT NEED what I would consider 
minimal security.  The example given is one of those situations.

So, I'd like to see a 'Power User' setting available for SELinux that would 
allow many things that would not compromise network-connected security to be 
done by ordinary users, like mounting a filesystem under their home (given 
that they have permissions to mount that filesystem; you don't want remounts 
of / or /boot, for instance).
-- 
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu
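The "mount under your own home, but nowhere else" rule proposed in the post needs one non-obvious check: the mount point must be tested after symlinks and `..` are resolved, otherwise a link inside the home directory that points at /etc or / walks straight around it. The following is an added example, written for this page and not code from the original post or from Fedora/SELinux; it is a plain-Python policy decision, not SELinux policy, and the function names, the protected-path list and the throwaway directory layout it builds are assumptions made for the example. It also covers the remount-of-/ and /boot cases the post mentions, and the case where the home directory itself sits on a system path.

```python
"""Policy check for a 'mount only under your own home' rule.

Added example (not from the original post, not SELinux policy): the
containment check such a policy would need, expressed in plain Python.
The helper names, PROTECTED list and the sample directory layout built
by demo() are assumptions made for this example.
"""
import os
import shutil
import tempfile

# Mount points that must never be (re)mounted over. Assumed list for the
# example; a real deployment would derive it from the system's mount table.
PROTECTED = ("/", "/boot", "/etc", "/usr", "/var", "/lib", "/bin", "/sbin",
             "/dev", "/proc", "/sys")


def _is_within(path, root):
    """True if `path` equals `root` or lies inside it (both already resolved).

    commonpath() compares whole components, so /home/user2 is NOT within
    /home/user the way a naive startswith() check would claim.
    """
    return os.path.commonpath([path, root]) == root


def allowed_mount_point(home, requested):
    """Return (ok, resolved_target, reason).

    Accept only if, after resolving symlinks and '..', the target lies
    strictly inside `home` and is not on a protected system path.
    Resolving first is what defeats 'home/link -> /etc' tricks.
    """
    home_real = os.path.realpath(home)
    target = os.path.realpath(requested)
    if not _is_within(target, home_real):
        return False, target, "target is outside the user's home"
    if target == home_real:
        return False, target, "mounting over the home directory itself is refused"
    for p in PROTECTED:
        p_real = os.path.realpath(p)
        # "/" is a prefix of everything, so it is only an exact-match check;
        # every other protected path also forbids anything beneath it.
        if target == p_real or (p_real != "/" and _is_within(target, p_real)):
            return False, target, "target is on protected system path %s" % p
    return True, target, "ok"


def demo():
    """Build a constructed throwaway home directory and run the check.

    Returns {case name: accepted?} so the outcomes can be inspected.
    """
    root = tempfile.mkdtemp(prefix="mountpolicy-")
    try:
        home = os.path.join(root, "home", "lamar")
        os.makedirs(os.path.join(home, "usb"))
        # A symlink that looks like it lives under home but resolves to /etc.
        os.symlink("/etc", os.path.join(home, "sneaky"))
        requests = {
            "plain": os.path.join(home, "usb"),
            # enough '..' to climb out of the temp tree to / and back into /etc
            "dotdot": "/".join([home, "usb"] + [".."] * 12 + ["etc", "passwd"]),
            "symlink": os.path.join(home, "sneaky", "cron.d"),
            "root": "/",
            "boot": "/boot",
            "home_itself": home,
        }
        return {name: allowed_mount_point(home, path)[0]
                for name, path in requests.items()}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-12s %s" % (name, "allowed" if ok else "refused"))
```

This is only the policy decision; the mount itself still needs CAP_SYS_ADMIN, so whatever privileged component performs it (a setuid helper, a daemon, or an SELinux-confined tool) must make this decision on the resolved path at the moment it mounts, not on a string the user handed over earlier, or the symlink can be swapped between the check and the mount.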
