October 16th, 2003, 12:20 PM
SE-Linux (root play)
I am frequently being asked questions about both how security in trusted operating systems (TOS) works and if SE-Linux is the same as other hardened Linux distros. While catching up on some reading of the Linux Journal (August issue at that) I came across the attached PDF (~20kb) document.
Although SE-Linux is not technically a TOS, it incorporates a few common TOS mechanisms that do not typically appear in standard operating systems, such as mandatory access controls (MAC) and security compartments/domains. This article discusses these mechanisms on more of a nuts-and-bolts use/configuration/exception level than most available documents, which simply discuss them at a conceptual/formal/abstract documentation level. I feel this will be of more use to the introductory/novice TOS user.
Additionally, as this document uses SE-Linux specifically for these examples, I believe it will give the casual reader a clearer understanding of both SE-Linux in particular and extended Linux/UN*X access control models in general. The author does this by discussing a play system he established, running at first a near-default SE-Linux configuration and then later a slightly more modified one, on which he allowed ALL users to operate as UID:0 (root) and granted them legal permission to compromise the system's confidentiality/integrity in any way they could. (Availability/DoS attacks were of course not allowed, not that users listened.)
Although SE-Linux is an incomplete project that is not scheduled to even be continued, much less completed, I feel that this represents a tremendous leap forward for Linux security. However, kernel changes are made, so it is debatable if the system is still technically Linux (as this modified kernel was not made available by kernel.org, and this has tended to be the traditional definition of what Linux is since kernel.org's inception), but for the purposes of this document it is close enough.
I am quite familiar with SE-Linux, Flask, and Flux (which is MACH based, so I wouldn't be surprised if we see an SE-OSX project in the future, which with its microkernel architecture will be inherently more secure than SE-Linux), so if you have any further questions, feel free to ask.