Security solution whith Selinux (MAC) ?

[pietinger]

A Computer System needing hundreds of rules is not secure (old egyptian saying, 6.000 B.C.)


Hello everyone,

in the last month I read about SELINUX and its implementation of a mandatory access control (MAC). I also read the source-code of "smack". But it didnt helped me with my Problem.

First of all, I have to explain what I mean with "security" ... for me. Its not, preventing my son from deleting /etc/*. Linux can handle this with its DAC quite well. I alos need no Bell LaPadula-modell. Security means (for me): Preventing me from evil (and/or buggy) programms (applications, apps), doing things I dont want. I thought a lot about how I would be able to transfer my wish/-es into some rules for linux. (I will use the subject/object-model from MAC):

1. I want to browse my /home/peter/topsecret.txt-file
=> Peter (subject) -> evil_Browser (object/subject) -> txt-file (object) = OK
2. I want to browse the Web and visit "www.nsa.gov"
=> Peter (subject) -> evil_Browser (object/subject) -> Internet (object) = OK
3. I DONT want my "evil_browser" is able to send my file over tcp/ip when unsing it
=> Peter (subject) -> evil_Browser (object/subject) -> txt-file (object) -> Internet (object) = NOK

So, it is no solution denying me from accessing my files or accessing the browser-app. It is also no solution denying the browser from accessing the internet or my files. (Or using 2 different apps). The only solution I see is seperating the objects "Internet" and "secret.txt-file". So, when I am working in "domain "secret"", browsing my files is OK, but there is no chance for me (and the app) for sending something, and when I am working in domain "world" browsing the internet is ok, but no acces to my files. How can I translate this in some rules ?

[Ant P.]

Run the browser as a separate user. Or use firejail. Or read the source code of chromium's seccomp+ns sandboxing and decide whether that covers your threat model.

[pietinger]