“There have been a number of recent announcements regarding new
security software and enhancements for Linux. SGI has started
releasing their patches that will hopefully bring Linux “C2” and
“B1” security ratings, as set out by the DoD Orange Book standard.
These additions will not be ready for production use for quite some
time. One of the perceived areas where Linux is behind other
operating systems, such as NT, is in its lack of access control
lists (ACLs). Many would argue, myself included, that ACLs are a
fine addition to system security if used properly, but because of
their complexity this is often a problem. Users can end up with
additional access rights to files/directories that they shouldn’t
have. Another problem is that file system controls, even fine
grained ones such as ACLs, do not easily address what files a
process can and cannot access. Getting a process to run as a
distinct non-root user is sometimes not an easy task and tends to
break things like time synchronization software. The
good news is this is exactly what SubDomain addresses.”
“SubDomain is a kernel module that mediates system
calls such as open, and blocks access to others that are
classified as “dangerous” (mknod, etc.). The other part is a small
program that administers it, loading and removing configurations.
SubDomain allows you to configure which files a process is
allowed to access, how it is allowed to access them (read / write /
execute), and allows you to manipulate what child processes are
allowed to do.”
“So How Do I Use It? Load the kernel module (subdomain.o) and
then create a SubDomain configuration file, for example the
following file is for XNTPD, which must run as root since it
adjusts the system clock, and uses UDP for data transfer making it
easy to blind spoof the server. …”
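To make the mediation model in the quoted passages concrete (a per-program profile naming which files a process may open and with which modes, a short list of syscalls refused outright, and a rule for what a child process is confined by after exec), here is a small user-space model of that policy check. This is an added example, not SubDomain's kernel module, its administration tool, or its real profile syntax: the `path mode,` profile format, the xntpd paths, the denied-syscall list and the exec-inheritance rule are all assumptions made for the illustration.

```python
"""User-space model of SubDomain-style per-program file mediation.

Added example, not SubDomain's own code. The profile syntax below is an
assumption (program path, then one "path modes," rule per line); the
xntpd paths in SAMPLE_PROFILE_TEXT are constructed for the demo.
"""
import fnmatch
import re

# Syscalls a confined process is refused outright (the quoted text names
# mknod; the rest of this list is an assumption for the example).
DENIED_SYSCALLS = {"mknod", "mount", "reboot"}

# Constructed profile for an xntpd binary; the paths are assumptions.
SAMPLE_PROFILE_TEXT = """
/usr/sbin/xntpd {
  /etc/ntp.conf r,
  /etc/ntp.drift rw,
  /var/run/ntpd.pid w,
  /lib/lib*.so* r,
  /usr/lib/lib*.so* r,
  /usr/sbin/xntpd x,
}
"""

_HEADER = re.compile(r"^(\S+)\s*\{$")
_RULE = re.compile(r"^(\S+)\s+([rwx]+),$")


def parse_profiles(text):
    """Return {program_path: [(path_glob, set_of_modes), ...]}."""
    profiles = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            profiles[current] = []
            continue
        if line == "}":
            current = None
            continue
        m = _RULE.match(line)
        if m is None or current is None:
            raise ValueError("bad profile line: %r" % raw)
        profiles[current].append((m.group(1), set(m.group(2))))
    return profiles


def check_access(profiles, program, path, modes):
    """Mediate an open()-style request for one or more of r/w/x.

    A program with no profile is unconfined and allowed everything, as a
    module that only knows about its loaded profiles would behave. For a
    confined program, every requested mode must be granted by the union of
    all rules whose glob matches the path; anything unmatched is denied.
    """
    rules = profiles.get(program)
    if rules is None:
        return True
    granted = set()
    for glob, rule_modes in rules:
        if fnmatch.fnmatchcase(path, glob):
            granted |= rule_modes
    return set(modes) <= granted


def check_syscall(profiles, program, syscall):
    """Confined programs are refused the 'dangerous' syscalls outright."""
    return program not in profiles or syscall not in DENIED_SYSCALLS


def profile_after_exec(profiles, parent, child_path):
    """Return the profile name the child runs under after exec, or
    "unconfined" if it has none. Assumed rule: a confined parent needs x on
    the child binary; the child then gets its own profile if one is loaded,
    otherwise it inherits the parent's confinement.
    """
    if parent not in profiles:
        return child_path if child_path in profiles else "unconfined"
    if not check_access(profiles, parent, child_path, "x"):
        raise PermissionError("%s may not exec %s" % (parent, child_path))
    return child_path if child_path in profiles else parent


PROFILES = parse_profiles(SAMPLE_PROFILE_TEXT)

if __name__ == "__main__":
    prog = "/usr/sbin/xntpd"
    for path, modes in [("/etc/ntp.conf", "r"), ("/etc/ntp.conf", "w"),
                        ("/etc/ntp.drift", "rw"), ("/etc/shadow", "r"),
                        ("/lib/libc.so.6", "r")]:
        verdict = "allow" if check_access(PROFILES, prog, path, modes) else "deny"
        print("%s %s %s -> %s" % (prog, modes, path, verdict))
    print("mknod from %s -> %s" % (prog, check_syscall(PROFILES, prog, "mknod")))
```

The point the model makes is the one the quoted text draws: the check keys on the program, not on the user it runs as, so a root-owned xntpd is still denied `/etc/shadow`, while the absence of a profile for `/bin/sh` leaves that program unconfined, which is why the exec rule matters: a confined daemon that could exec an unprofiled shell would otherwise escape its own policy.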