Firewall Wizards mailing list archives

RE: Trusted Unices Aren't?


From: ICMan <shane_mason () securecomputing com>
Date: Mon, 26 Oct 1998 10:52:30 -0500

B1 and below do not require breaking up root.  B2 and above do.  It really
has nothing to do with the MLS model.  I believe that CMW+ *does* break up
root, but I'm not sure of that.  It may also be a configuration option.

"breaking up root" in kernel is useless if you keep running utilities
and daemons suid root..


That really depends on how root is broken up.  If a separate protection
mechanism is built into the kernel and all environments, then processes can
be segregated.  Even system calls can have attributes attached to them.
This is a lot of work, but it can certainly be done.

Read "Type Enforcement for Firewalls" at 
http://www.securecomputing.com/TE_WP.pdf

It's not a terribly technical document, but it explains the structure of a
protection mechanism that restricts the privileges of the root user.  root
is still root, but can only affect portions of the system at a time, and
other portions of the system are still unavailable for root to access.

ICMan


