
📄 secure_channel

📁 Source code for the LINUX secure kernel
Secure Channel
--------------

A secure channel is a program that sits between the user and a protected object. The protected object is protected with DENY, READ or APPEND; LIDS can then be used to make a READ/WRITE label for that object.

For example, the web HTML object is stored in /home/httpd/html and is protected as DENY, and the httpd daemon can READ those documents to keep the web server running.

    lidsadm -A -o /home/httpd/html -j DENY
    lidsadm -A -s /usr/sbin/httpd -o /home/httpd/html -j READ

A program named "webadmin" is labeled by LIDS to write the documents, so we can use it to update the HTML pages.

    lidsadm -A -s /../webadmin -o /home/httpd/html -j WRITE

What security problems can we solve here?

1) Prevent buffer overflow (BOF) in the web daemon.

   If a hacker uses a BOF to attack the system and gets a shell, he cannot see anything on the system. If he tries to insert "bad" code into the web daemon (httpd) to change the HTML pages, he will fail, because httpd can only read the HTML object.

   webadmin is the only way to update the pages. We can write webadmin to be secure and simple enough to contain no BOF; that is unlikely for the web daemon, because it is too large and the CGI cannot be protected.

   If the intruder uses another service's BOF and gets a shell, he will find that /home/httpd/html does not exist on the system!! Only httpd can access the directory; others cannot.

2) webadmin can use any authentication method and can limit the source addresses allowed to access it. At the same time, httpd is open to World Wide Access.

3) webadmin can give different users different rights to update directories in /home/httpd/html/. For example, Paul can only update /home/httpd/html/paul/ and Allice can only update /home/httpd/html/allice/.

In this way, we build a secure channel in the system to bypass the LIDS protection.

-Xie
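An added example, not part of the original LIDS document: a sketch of the per-user check from point 3, which webadmin has to make itself because the lidsadm rule gives it WRITE on the whole of /home/httpd/html. The user table, the function names and the use of Python are assumptions made for illustration.

```python
import os

HTML_ROOT = "/home/httpd/html"  # protected object named in the lidsadm rules
# Constructed for this example: authenticated user -> subdirectory they may update
USER_DIRS = {"paul": "paul", "allice": "allice"}


class Denied(Exception):
    """Raised when a user asks to update a path outside their own directory."""


def resolve_update_path(user, requested, root=HTML_ROOT):
    """Return the canonical file path `user` may write, or raise Denied."""
    subdir = USER_DIRS.get(user)
    if subdir is None:
        raise Denied(f"no update right for user {user!r}")
    if "\0" in requested:
        raise Denied("NUL byte in path")
    base = os.path.realpath(os.path.join(root, subdir))
    # realpath collapses ".." and follows existing symlinks, so the comparison
    # is made on the location that would really be written. An absolute
    # `requested` replaces `base` in the join and is rejected by the same test.
    target = os.path.realpath(os.path.join(base, requested))
    if target == base or os.path.commonpath([base, target]) != base:
        raise Denied(f"{requested!r} is outside {user}'s directory")
    return target


def update_page(user, requested, data, root=HTML_ROOT):
    """Write `data` (bytes) to the page and return the path that was written."""
    target = resolve_update_path(user, requested, root)
    # O_NOFOLLOW: refuse a symlink planted as the final component after the check.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return target


if __name__ == "__main__":
    import tempfile
    demo_root = tempfile.mkdtemp()  # stand-in for /home/httpd/html
    os.mkdir(os.path.join(demo_root, "paul"))
    print(update_page("paul", "index.html", b"<h1>hi</h1>", root=demo_root))
    try:
        update_page("paul", "../allice/index.html", b"x", root=demo_root)
    except Denied as e:
        print("denied:", e)
```

The `user` argument must come from webadmin's own authentication step (point 2), never from the request itself.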