[rsbac] Conditional rules

Javier Martínez tazok.id0 at gmail.com
Sun Jun 8 12:28:43 CEST 2008


2008/6/8, Javier Martínez <tazok.id0 at gmail.com>:


> If it couldn't, what about some kind of mechanism to change a role at a
> point of the execution? Think of systrace: we know all the syscalls
> that a program makes, and their order, and we want to actively change the
> role when, for example, it reaches the LISTEN request.
>
One more question related to this: this functionality could be useful
to, for example, limit a bit more the damage that one dangerous
library can do (openssl for example). We could mark the entry at some
request (such as the MAP_EXEC one or the READ_OPEN one), changing the active
role to a very limited openssl one, and when it has done its job, mark
the return to the caller role at request XXXXX to change back to the
original role.

