[BBLISA] Secure, authenticated file serving to untrusted clients
Tom Metro
tmetro+bblisa at vl.com
Sun Apr 19 01:32:54 EDT 2009
Dean Anderson wrote:
> Michael Sprague wrote:
>> ...couldn't you use something like grsecurity or selinux to prevent
>> even root from doing anything bad to the network attached storage?
>
> "No, they won't help if root can't be trusted". The reason is that once
> you have kernel loader privilege, you can alter the kernel to circumvent
> whatever security has been added to it...
Your answer may be correct, but I'm not sure it is relevant in the
context of the original question.

If the original question is about providing access to a file system over
a network where the remote *clients* don't have a secure and trusted
root, then obtaining "kernel loader privilege" on the server is not
likely to happen.

Where SELinux comes into play is if you want to retain some of the
behaviors you get when you configure NFS to be cooperative with root
users on the client machines, but want finer grain control over what
those users can do. In this case you use SELinux to clamp down on what
the NFS server is capable of doing, and the clients can't bypass that
security as long as the server isn't breached.

-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/