Security Portal: SubDomain - Security Software for LinuxApr 26, 2000, 09:21 (2 Talkback[s])
(Other stories by Kurt Seifried)
"There have been a number of recent announcements regarding new security software and enhancements for Linux. SGI has started releasing their patches that will hopefully bring Linux "C2" and "B1" security ratings, as set out by the DoD Orange book standard. These additions will not be ready for production use for quite some time. One of the perceived areas where Linux is behind other operating systems, such as NT, is in it's lack of access control lists (ACL's). Many would argue, myself included, that ACL's are a fine addition to system security if used properly, but because of their complexity this is often a problem. User's can end up with additional access rights to files/directories that they shouldn't have. Another problem is that file system controls, even fine grained ones such as ACL's, do not easily address what files a process can and cannot access. Getting a process to run as a distinct non-root user is sometimes not an easy task and has a tendency of breaking things like time synchronization software. The good news is this is exactly what SubDomain addresses."
"SubDomain is a kernel module that mediates system calls such as open, and blocks access to other's that are classified as "dangerous" (mknod, etc.). The other part is a small program that administers it, loading and removing configurations. SubDomain allows you to configure which files a process is allowed to access, how it is allowed to access them (read / write / execute), and allows you to manipulate what child processes are allowed to do."
"So How Do I Use It? Load the kernel module (subdomain.o) and then create a SubDomain configuration file, for example the following file is for XNTPD, which must run as root since it adjusts the system clock, and uses UDP for data transfer making it easy to blind spoof the server. ..."