From: <shinya1.takumi@toshiba.co.jp>
To: <serge@hallyn.com>, <jmorris@namei.org>,
<linux-security-module@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: RE: [RFC v3 0/2] WhiteEgret LSM module
Date: Thu, 5 Apr 2018 06:40:36 +0000 [thread overview]
Message-ID: <OSBPR01MB21847D1D8A8BC8458CBAD39592BB0@OSBPR01MB2184.jpnprd01.prod.outlook.com> (raw)
In-Reply-To: <20180401200827.GA28101@mail.hallyn.com>
I am one of developers of WhiteEgret.
> regardling the last one, do you have a plan for handling it?
Yes, we have a plan to release WhiteEgret v4 patch with a WEUA sample of access control for script programs.
The latest WhiteEgret cannot control script programs since script files read by an interpreter are not hooked by the execve system call.
We consider that script programs can be controlled by controlling the files inputted by interpreters, accordingly.
We consider that the control can be realized using the read system call hooking.
Now, we are developing WhiteEgret with the read system call hooking and WEUA which controls the script files to be read to interpreters using information from the read system call hooking and white list.
-----Original Message-----
From: owner-linux-security-module@vger.kernel.org [mailto:owner-linux-security-module@vger.kernel.org] On Behalf Of Serge E. Hallyn
Sent: Monday, April 2, 2018 5:08 AM
To: koike masanobu(小池 正修 TDSL (ISEC)[SEC運]) <masanobu2.koike@toshiba.co.jp>
Cc: jmorris@namei.org; serge@hallyn.com; linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org
Subject: Re: [RFC v3 0/2] WhiteEgret LSM module
Quoting Masanobu Koike (masanobu2.koike@toshiba.co.jp):
...
> Assumptions and ToDos
>
> At this stage, WhiteEgret assumes the following.
> Relaxing these assumptions are future works.
> - Root is not compromised. And using a whitelist and a WEUA requires
> root privilege.
> - WEUA is reliable.
> - It is allowed for scripting languages, e.g., Perl or Python, to read
> arbitrary scripts and to execute them.
Hi,
regardling the last one, do you have a plan for handling it?
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-04-05 7:22 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-30 8:30 [RFC v3 0/2] WhiteEgret LSM module Masanobu Koike
2018-04-01 20:08 ` Serge E. Hallyn
2018-04-05 6:40 ` shinya1.takumi [this message]
2018-04-08 15:51 ` Serge E. Hallyn
2018-04-13 4:30 ` shinya1.takumi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OSBPR01MB21847D1D8A8BC8458CBAD39592BB0@OSBPR01MB2184.jpnprd01.prod.outlook.com \
--to=shinya1.takumi@toshiba.co.jp \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).