[rsbac] Isolation of processes

Jörg Lübbert rsbac@rsbac.org
Fri, 08 Feb 2002 02:07:53 +0100


Hello,

I'd like to hear your opinion about some thoughts of mine.

My aim is to run daemons that can only be terminated or started by a 
special user and not by root, and that these daemons are totally isolated 
process/IPC-wise.

The only thing I achieved so far is that the process is RSBAC 
accessible by a certain user, but root still needs to start the daemon 
and no one can terminate it. Root cannot because he's missing RSBAC 
rights (forced role) and the user cannot because he's not the UNIX owner 
of the process. Setting the daemon SUID 0 so that a user can start it is 
too dangerous, IMHO. Or is it?

So my idea was to create a signal daemon. A UID 0 daemon that listens 
for a client request of the users and starts and terminates daemons 
appropriately with the corresponding forced role.

I'm now wondering if such a daemon is a wise choice, or if there might be 
better ideas to achieve what I want, and if you think that the potential 
risks of such a daemon exceed the extra security of isolated 
processes.

- Jörg

-- 
Kaladix Linux - The Secure Linux Distribution
URL: http://www.kaladix.org
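The "signal daemon" sketched in the message above, as an added example written for this page; it is not code from RSBAC, Kaladix or the poster. It assumes a Linux host, a control socket at /var/run/sigd.sock, two hypothetical services with hardcoded owners, and that each daemon binary carries its RSBAC forced role as a file attribute so that a plain exec() from the UID 0 control process lands the child in that role. The security-relevant design point is that the client's identity is taken from the kernel via SO_PEERCRED, never from the request text, and that the policy table, not UID 0, decides who may start or stop what.

```c
/* Added example (not RSBAC/Kaladix code): a UID 0 control daemon that
 * starts/stops isolated daemons on behalf of designated unprivileged users.
 * Assumptions: Linux, socket path below, hardcoded policy table, and that
 * the daemon binaries get their RSBAC forced role from file attributes. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Policy: which UID may control which service.  A real deployment would
 * load this from a root-owned config file; hardcoded here as an assumption. */
struct svc { const char *name; const char *path; uid_t owner; pid_t pid; };
static struct svc services[] = {
    { "httpd", "/usr/local/sbin/httpd", 1001, 0 },   /* hypothetical */
    { "smtpd", "/usr/local/sbin/smtpd", 1002, 0 },   /* hypothetical */
};
#define NSVC (sizeof services / sizeof services[0])

enum action { ACT_NONE, ACT_START, ACT_STOP };

/* Parse "start <name>" or "stop <name>".  Returns 0 on bad syntax. */
int parse_request(const char *line, enum action *act, char name[32]) {
    char verb[16];
    if (sscanf(line, "%15s %31s", verb, name) != 2) return 0;
    if (strcmp(verb, "start") == 0) *act = ACT_START;
    else if (strcmp(verb, "stop") == 0) *act = ACT_STOP;
    else return 0;
    return 1;
}

static struct svc *find_service(const char *name) {
    for (size_t i = 0; i < NSVC; i++)
        if (strcmp(services[i].name, name) == 0) return &services[i];
    return NULL;
}

/* Authorization: the kernel-supplied peer UID must be the service owner.
 * UID 0 is not special-cased; only the designated user gets through. */
int authorize(uid_t peer_uid, const char *name) {
    struct svc *s = find_service(name);
    return s != NULL && s->owner == peer_uid;
}

/* Execute an already authorized action.  Returns 0 on success, -1 on error.
 * Assumes the daemon stays in the foreground (does not fork away), so the
 * pid we record is the one to signal later. */
int execute(struct svc *s, enum action act) {
    if (act == ACT_START) {
        if (s->pid > 0 && kill(s->pid, 0) == 0) { errno = EEXIST; return -1; }
        pid_t p = fork();
        if (p < 0) return -1;
        if (p == 0) { execl(s->path, s->path, (char *)NULL); _exit(127); }
        s->pid = p;
        return 0;
    }
    if (act == ACT_STOP) {
        if (s->pid <= 0) { errno = ESRCH; return -1; }
        if (kill(s->pid, SIGTERM) < 0) return -1;
        waitpid(s->pid, NULL, 0);   /* blocks until the daemon exits */
        s->pid = 0;
        return 0;
    }
    errno = EINVAL;
    return -1;
}

/* Full request path: parse, authorize against the kernel-supplied UID,
 * execute.  Returns a short status line for the client. */
const char *handle_request(uid_t peer_uid, const char *line) {
    enum action act;
    char name[32];
    if (!parse_request(line, &act, name)) return "ERR syntax";
    if (!authorize(peer_uid, name)) return "ERR denied";
    if (execute(find_service(name), act) < 0) return "ERR failed";
    return "OK";
}

int main(void) {
    const char *path = "/var/run/sigd.sock";          /* assumed location */
    int ls = socket(AF_UNIX, SOCK_STREAM, 0);
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    unlink(path);
    if (ls < 0 || bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(ls, 5) < 0) { perror("listen"); return 1; }
    chmod(path, 0666);   /* anyone may connect; authorize() is the gate */
    for (;;) {
        int c = accept(ls, NULL, NULL);
        if (c < 0) continue;
        struct ucred uc; socklen_t ul = sizeof uc;
        char buf[128]; ssize_t n;
        /* Peer identity comes from the kernel, never from the request. */
        if (getsockopt(c, SOL_SOCKET, SO_PEERCRED, &uc, &ul) == 0 &&
            (n = read(c, buf, sizeof buf - 1)) > 0) {
            buf[n] = '\0';
            buf[strcspn(buf, "\n")] = '\0';
            dprintf(c, "%s\n", handle_request(uc.uid, buf));
        }
        close(c);
    }
}
```

Two caveats a deployment would need on top of this. First, the control daemon itself runs as UID 0 and is reachable by every local user, so its parsing surface must stay this small and its binary should carry a forced role that grants nothing beyond exec of the listed services and signals to their processes. Second, nothing here stops root from killing the control daemon; that protection has to come from RSBAC, exactly as it already does for the isolated daemons in the message.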