Hi! I have recently made a restricted-capability system, using medusa DS9. It has some properties of a TCSEC B3 level system, and IT WORKS!
There were some little problems though; one is Bug#60303: the start-stop script of postgresql assumed the DAC_SEARCH capability. Oliver has added the needed changes to his package, and asked me to raise the capability issue here.

Main point: let's define some mechanism which helps the builders of trusted systems to
- identify which capabilities the packages need, and exactly where and for which functionality those capabilities are needed
- minimize the number of needed capabilities

The first point could be achieved by some documentation method, for example if a package has /usr/share/doc/<package>/security, then the file should list which binary needs which capability and why.

The second point is more difficult: we can say in Debian policy that our goal is to minimize the needed capabilities, and if there is an easy way to make a capability unneeded, the maintainer should act accordingly.

Documentation:
About capabilities:
http://lwn.net/1999/0422/a/capabilities.html
http://linux.com/security/newsitem.phtml?sid=11&aid=4693
About medusa:
http://medusa.fornax.sk

--
GNU GPL: only from a clean source
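One concrete way to do the check the message asks for (does a binary hold more capabilities than its documentation says it needs?) is to read the Cap* lines from /proc/<pid>/status and compare the decoded effective set against the documented list. The following is an added example written for this thread; it is not part of the original post, of medusa, or of any Debian package. The capability numbering is the current <linux/capability.h> one (the 2.2-era list the thread refers to ended at CAP_LEASE), the /proc status sample is constructed, and the "documented need" set for the postgresql start script is an assumption made up for the demonstration.

```python
"""Decode Linux capability bitmasks from /proc/<pid>/status and report the
capabilities a process holds beyond a documented need list (added example)."""
import os
import re

# Bit positions from <linux/capability.h>, index == capability number.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def decode_cap_mask(hex_mask):
    """Turn a hex mask such as '0000000000000004' into a set of CAP_* names.
    Bits the kernel added after this table are reported as CAP_<n>."""
    mask = int(hex_mask, 16)
    caps = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            caps.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
        bit += 1
    return caps


def parse_status(text):
    """Extract the five capability sets (Inh/Prm/Eff/Bnd/Amb) from the text
    of a /proc/<pid>/status file; other lines are ignored."""
    caps = {}
    for line in text.splitlines():
        m = _CAP_LINE.match(line)
        if m:
            caps[m.group(1)] = decode_cap_mask(m.group(2))
    return caps


def check_against_documentation(status_caps, documented_need):
    """Return (excess, unknown): capabilities effective but not documented as
    needed, and documented names that are not real Linux capabilities."""
    excess = status_caps.get("CapEff", set()) - set(documented_need)
    unknown = set(documented_need) - set(CAP_NAMES)
    return excess, unknown


def live_status_caps(pid="self"):
    """Read a live process; returns None where /proc is not available."""
    path = "/proc/%s/status" % pid
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return parse_status(f.read())


# Constructed sample: a start-stop script running as uid 0 whose effective set
# was reduced to 0xc6 = CAP_DAC_OVERRIDE | CAP_DAC_READ_SEARCH | CAP_SETGID | CAP_SETUID.
SAMPLE_STATUS = (
    "Name:\tpostgresql-start\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000000000c6\n"
    "CapEff:\t00000000000000c6\n"
    "CapBnd:\t000001ffffffffff\n"
    "CapAmb:\t0000000000000000\n"
)

# Hypothetical content of /usr/share/doc/postgresql/security for this script:
# it must traverse directories it does not own and switch to the postgres user.
DOCUMENTED_NEED = {"CAP_DAC_READ_SEARCH", "CAP_SETUID", "CAP_SETGID"}

if __name__ == "__main__":
    sample = parse_status(SAMPLE_STATUS)
    excess, unknown = check_against_documentation(sample, DOCUMENTED_NEED)
    print("effective:", sorted(sample["CapEff"]))
    print("not documented as needed:", sorted(excess))
    print("documented but not a real capability:", sorted(unknown))
    live = live_status_caps()
    if live is not None:
        print("this process, effective:", sorted(live.get("CapEff", set())))
```

Run it once with the real start-stop script's pid substituted for "self" while the script is still blocked (for example on a sleep) and the excess set is exactly what the maintainer should try to drop; an empty excess and an empty unknown set means the security file and the running process agree.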