Firewall Wizards mailing list archives
RE: Trusted Unices Aren't?
From: ICMan <shane_mason () securecomputing com>
Date: Mon, 26 Oct 1998 10:52:30 -0500
B1 and below do not require breaking up root. B2 and above do. It
really
has nothing to do with the MLS model. I believe that CMW+ *does* break
up
root, but I'm not sure of that. It may also be a configuration option."breaking up root" in kernel is useless if you keep running utilities and daemons suid root..
That really depends on how root is broken up. If a separate protection mechanism is built into the kernel and all environments, then processes can be segregated. Even system calls can have attributes attached to them. This is a lot of work, but it can certainly be done. Read "Type Enforcement for Firewalls" at http://www.securecomputing.com/TE_WP.pdf It's not a terribly technical document, but it explains the structure of a protection mechanism that restricts the privileges of the root user. root is still root, but can only effect portions of the system at a time, and other portions of the system are still unavailable for root to access. ICMan
Current thread:
- Re: Trusted Unices Aren't?, (continued)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Message not available
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 27)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)