[rsbac] Isolation of processes
Jörg Lübbert
rsbac@rsbac.org
Fri, 08 Feb 2002 02:07:53 +0100
Hello,
I'd like to hear your opinion about some thoughts of mine.
My aim is to run daemons that can only be terminated or started by a
special user and not root, and that these daemons are totally isolated
process/IPC-wise.
The only thing I achieved so far is that the process is RSBAC
accessible by a certain user, but root still needs to start the daemon
and no one can terminate it. Root cannot because he's missing RSBAC
rights (forced role) and the user cannot because he's not the UNIX owner
of the process. Setting the daemon SUID 0 so that a user can start it is
too dangerous imho, or?
So my idea was to create a signal daemon. A UID 0 daemon that listens
for a client request of the users and starts and terminates daemons
appropriately with the corresponding forced role.
I'm now wondering if such a daemon is a wise choice, or if there might be
better ideas to achieve what I want, and if you think that the potential
risks of such a daemon exceed the extra security of isolated
processes.
- Jörg
--
Kaladix Linux - The Secure Linux Distribution
URL: http://www.kaladix.org
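As an added illustration of the "signal daemon" sketched in the post (this is example code written for this page, not Jörg's or Kaladix's own), the following Python sketch shows the shape such a UID 0 control daemon could take and where its risk is concentrated: it listens on a Unix domain socket, takes the caller's UID from the kernel via Linux `SO_PEERCRED` rather than from the request, checks a fixed allowlist of which UID may start or stop which daemon, and launches only commands from a fixed table so the client controls a name and never an argv. The RSBAC forced role is not set here; it stays attached to the daemon binary by RSBAC, and this program only decides who may start or stop it. The socket path, daemon names, UIDs and commands are constructed placeholders.

```python
"""Constructed example of a privileged start/stop control daemon.

Not code from the post: it illustrates the 'signal daemon' idea with the
checks a reviewer would want (kernel-supplied peer UID, default-deny
policy, fixed command table). All names, UIDs and paths are placeholders.
"""
import os
import signal
import socket
import struct
import subprocess

SOCK_PATH = "/run/sigd.sock"  # placeholder path for the control socket

# Constructed policy: daemon name -> set of UIDs allowed to control it.
POLICY = {"ntpd": {1001}, "httpd": {1001, 1002}}

# Constructed launch table: daemon name -> argv. Fixed in the daemon,
# never taken from the client, so a caller can only pick a name.
COMMANDS = {
    "ntpd": ["/usr/sbin/ntpd", "-n"],
    "httpd": ["/usr/sbin/httpd", "-DFOREGROUND"],
}


def parse_request(raw: bytes):
    """Accept exactly 'start <name>' or 'stop <name>'; reject everything else."""
    parts = raw.strip().split()
    if len(parts) != 2 or parts[0] not in (b"start", b"stop"):
        return None
    name = parts[1].decode("ascii", errors="replace")
    if not name.isalnum():  # no paths, no shell metacharacters, no empty name
        return None
    return parts[0].decode("ascii"), name


def authorize(uid: int, name: str, policy=POLICY) -> bool:
    """Allowlist check: unknown names and unlisted UIDs are denied (default deny)."""
    return uid in policy.get(name, set())


def peer_uid(conn: socket.socket) -> int:
    """Ask the kernel who is on the other end of the Unix socket (Linux SO_PEERCRED).

    The client cannot forge this, unlike anything it writes into the request.
    """
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", creds)
    return uid


def handle(uid: int, raw: bytes, running: dict, commands=COMMANDS) -> bytes:
    """Decide on one request and act; returns the reply line for the client.

    `running` maps daemon name -> subprocess.Popen of the instance we started.
    """
    req = parse_request(raw)
    if req is None:
        return b"ERR malformed request\n"
    action, name = req
    if not authorize(uid, name):
        return b"ERR not permitted\n"  # same answer whether or not the name exists
    if action == "start":
        if name in running and running[name].poll() is None:
            return b"ERR already running\n"
        argv = commands.get(name)
        if argv is None:
            return b"ERR no launch entry\n"
        running[name] = subprocess.Popen(argv)
        return b"OK started\n"
    proc = running.get(name)
    if proc is None or proc.poll() is not None:
        return b"ERR not running\n"
    proc.send_signal(signal.SIGTERM)  # only our own children, never an arbitrary PID
    return b"OK stopping\n"


def serve():
    """Accept loop: one request per connection, peer UID checked per client."""
    if os.path.exists(SOCK_PATH):
        os.unlink(SOCK_PATH)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(SOCK_PATH)
    os.chmod(SOCK_PATH, 0o660)  # coarse gate on who may connect; policy still decides
    srv.listen(5)
    running = {}
    while True:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(handle(peer_uid(conn), conn.recv(256), running))


if __name__ == "__main__":
    serve()
```

The point of the structure is to keep the privileged part small and boring: the daemon never trusts a UID or a command line it receives, it only ever signals processes it spawned itself, and every decision is a lookup in two tables that live in the daemon. Whether that residual attack surface is smaller than a SUID 0 binary is exactly the trade-off the post asks about; what this layout changes is that the surface is one parser and one allowlist rather than the whole daemon's startup code.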