List: lids-user
Subject: [lids] configuration file
From: w.j.hengeveld
Date: 1999-10-24 18:26:45
In order to support more complex restrictions, the configuration file
format should be extended.
Here are some ideas:
1) for each restriction you can specify what files this should apply to.
---------------------------------------------
section allow read
/etc/passwd
section allow read, execute
/bin
section allow read, append
# or another way of putting it:
section deny modify
/etc
-------------------------------------------------
2) for each file you specify the restrictions
-------------------------------------------------
/etc/passwd allow(read)
/bin allow(read, execute)
/var/log allow(read, append)
/dev/kmem allow(read)
/dev deny(rmdir)
/tmp allow(readwrite)
/etc deny(write)
/etc/utmp allow(readwrite)
---------------------------------
3) maybe both formats should be allowed.
The access types are defined in another section, which specifies
which system calls each one translates to.
define read
sys_open(O_RDONLY)
sys_stat
sys_fstat
sys_read
sys_lseek
define append
sys_open(O_RDONLY, O_APPEND)
sys_stat
sys_fstat
sys_read
sys_write
** I think that maybe this last configuration is something for a later
version, and first we just apply some predefined standard systemcall-sets.
willem
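
Added example, not part of the original message or of LIDS: a small Python parser and evaluator for the per-file format in idea 2, using the message's own rule lines as input. The resolution rules are assumptions the message does not state: the most specific path rule wins, an allow list is exhaustive for its path, a deny rule blocks only the accesses it names, and `readwrite` expands to read plus write.

```python
import re
from posixpath import normpath

# Constructed sample: the per-file rule lines from idea 2 of the message.
SAMPLE = """\
/etc/passwd allow(read)
/bin allow(read, execute)
/var/log allow(read, append)
/dev/kmem allow(read)
/dev deny(rmdir)
/tmp allow(readwrite)
/etc deny(write)
/etc/utmp allow(readwrite)
"""

ALIASES = {"readwrite": {"read", "write"}}  # assumption: shorthand for both
RULE_RE = re.compile(r"^(/\S*)\s+(allow|deny)\(([^)]*)\)$")

def parse_rules(text):
    """Return {path: (verdict, access_types)}; raise on malformed lines."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        path, verdict, names = m.groups()
        access = set()
        for name in filter(None, (n.strip() for n in names.split(","))):
            access |= ALIASES.get(name, {name})
        rules[normpath(path)] = (verdict, access)
    return rules

def check(rules, path, access):
    """True = allowed, False = denied, None = no rule covers this access."""
    parts = normpath(path).split("/")[1:]
    # Assumed policy: most specific rule first, whole path components only,
    # so a rule for /etc never matches /etcfoo.
    for depth in range(len(parts), -1, -1):
        rule = rules.get("/" + "/".join(parts[:depth]))
        if rule is None:
            continue
        verdict, listed = rule
        if verdict == "allow":
            return access in listed   # allow list is exhaustive
        if access in listed:
            return False              # deny rule names this access
    return None
```

With these assumptions, `/etc/utmp allow(readwrite)` overrides `/etc deny(write)` because it is the more specific rule, and paths are normalized before matching so `/tmp/../etc/shadow` is judged as `/etc/shadow`.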