Comments for Useful Security http://www.usefulsecurity.com Solving real security problems that matter to real users Thu, 11 Mar 2010 15:59:05 +0000 http://wordpress.org/?v=2.6.1 Comment on Apple Sandboxes Part 2 by Jabbering Giraffe » sandbox(7) http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-2/#comment-102 Jabbering Giraffe » sandbox(7) Tue, 02 Jun 2009 20:17:30 +0000 http://www.usefulsecurity.com/?p=22#comment-102 [...] Apple Sandboxes Part 2 [...] [...] Apple Sandboxes Part 2 [...]

]]> Comment on Apple Sandboxes Part 1 by Jabbering Giraffe » sandbox(7) http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-1/#comment-101 Jabbering Giraffe » sandbox(7) Tue, 02 Jun 2009 20:12:38 +0000 http://www.usefulsecurity.com/?p=21#comment-101 [...] Apple Sandboxes Part 1 [...] [...] Apple Sandboxes Part 1 [...]

]]> Comment on Preventing Disclosure by c-had http://www.usefulsecurity.com/2007/08/preventing-disclosure/#comment-39 c-had Fri, 12 Sep 2008 03:18:25 +0000 http://www.usefulsecurity.com/?p=15#comment-39 Marcelo: The example above does not place any requirements on the end user. Authentication is performed by the web application itself, and that web application controls access to its data. The point of the above is that I used SELinux to prevent any other web app from accessing this web app's private data. Note that there are ways to utilize remote SELinux contexts between two cooperating SELinux systems, but they are not useful in your average web application due to that need to have cooperating systems. This is a much simpler example. If you're interested in using remote SELinux contexts between SELinux systems to enforce multi-system policies, I suggest you check out http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinux/ Marcelo:
The example above does not place any requirements on the end user. Authentication is performed by the web application itself, and that web application controls access to its data. The point of the above is that I used SELinux to prevent any other web app from accessing this web app’s private data.

Note that there are ways to utilize remote SELinux contexts between two cooperating SELinux systems, but they are not useful in your average web application due to that need to have cooperating systems. This is a much simpler example. If you’re interested in using remote SELinux contexts between SELinux systems to enforce multi-system policies, I suggest you check out http://securityblog.org/brindle/2007/05/28/secure-networking-with-selinux/

]]> Comment on Preventing Disclosure by Marcelo http://www.usefulsecurity.com/2007/08/preventing-disclosure/#comment-38 Marcelo Wed, 10 Sep 2008 13:22:26 +0000 http://www.usefulsecurity.com/?p=15#comment-38 I would like to know if, in order for this example to run properly, the web page user should also be running a system with SELinux, or it could be any client. How, is the authentication done if the user is not using SELinux? How do you know his SecurityContext? Or you solved the authentication in a DAC way? Thanks! I would like to know if, in order for this example to run properly, the web page user should also be running a system with SELinux, or it could be any client.
How, is the authentication done if the user is not using SELinux? How do you know his SecurityContext? Or you solved the authentication in a DAC way?
Thanks!

]]> Comment on Apple Sandboxes Further Use by security and more » more access control http://www.usefulsecurity.com/2008/06/apple-sandboxes-further-use/#comment-34 security and more » more access control Mon, 30 Jun 2008 22:54:11 +0000 http://www.usefulsecurity.com/?p=24#comment-34 [...] McMillan and Chad Sellers have both some nice blog entries [2] due to the recent OS X trojaner: They both sign the need of more restrictive and finer grained [...] [...] McMillan and Chad Sellers have both some nice blog entries [2] due to the recent OS X trojaner: They both sign the need of more restrictive and finer grained [...]

]]> Comment on Apple Sandboxes Part 1 by Mental Rootkit - OS X Malware http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-1/#comment-33 Mental Rootkit - OS X Malware Thu, 26 Jun 2008 20:54:29 +0000 http://www.usefulsecurity.com/?p=21#comment-33 [...] sandbox policies he is referring to are the new security mechanisms in 10.5 based on the TrustedBSD project, a sister project to SELinux. Dino makes several other good [...] [...] sandbox policies he is referring to are the new security mechanisms in 10.5 based on the TrustedBSD project, a sister project to SELinux. Dino makes several other good [...]

]]> Comment on Apple Sandboxes Part 1 by c-had http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-1/#comment-29 c-had Fri, 07 Dec 2007 22:09:24 +0000 http://www.usefulsecurity.com/?p=21#comment-29 I don't think I quite understand your comment. Most user applications (including at least iTunes, QuickTime, and iLife) run as non-root users. If they're using Mach system calls, then they have the appropriate mach port rights to do so (note that Mach does not utilize the UNIX UID concept, but rather utilizes the Mach port capability system. More info here - http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Concepts/chapter_3_section_9.html). More importantly, the new sandbox mechanism is an orthogonal mechanism to the current UNIX DAC model and the Mach port model, so sandbox policies can be applied (in a flexible way) regardless of whether the process is running as root. If you look at my examples in the second part of this post, those can be run as a regular user or as root and receive the same confinement. With sandboxes, root doesn't actually matter. I don’t think I quite understand your comment. Most user applications (including at least iTunes, QuickTime, and iLife) run as non-root users. If they’re using Mach system calls, then they have the appropriate mach port rights to do so (note that Mach does not utilize the UNIX UID concept, but rather utilizes the Mach port capability system. More info here - http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Concepts/chapter_3_section_9.html).

More importantly, the new sandbox mechanism is an orthogonal mechanism to the current UNIX DAC model and the Mach port model, so sandbox policies can be applied (in a flexible way) regardless of whether the process is running as root. If you look at my examples in the second part of this post, those can be run as a regular user or as root and receive the same confinement. With sandboxes, root doesn’t actually matter.

]]> Comment on Apple Sandboxes Part 1 by Joseph http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-1/#comment-28 Joseph Fri, 07 Dec 2007 19:43:43 +0000 http://www.usefulsecurity.com/?p=21#comment-28 The reason apple has selected for an opt-in style of sandboxing is because much of the MACH related system calls expect to have root level access and since much of the OS and supported apps (include iTunes, QuickTime, iLife, ARD, etc) use the mac system and these "private api"s (which also expect root access) it would be impossible for Apple to roll this interface out as a required interface for at least 1 or 2 more OS releases from now. The reason apple has selected for an opt-in style of sandboxing is because much of the MACH related system calls expect to have root level access and since much of the OS and supported apps (include iTunes, QuickTime, iLife, ARD, etc) use the mac system and these “private api”s (which also expect root access) it would be impossible for Apple to roll this interface out as a required interface for at least 1 or 2 more OS releases from now.

]]> Comment on Montavista Vision 2007 by c-had http://www.usefulsecurity.com/2007/10/montavista-vision-2007/#comment-6 c-had Thu, 11 Oct 2007 13:24:33 +0000 http://www.usefulsecurity.com/?p=19#comment-6 Thanks for the comment. We all really appreciate the work you guys are doing in Japan for SELinux on embedded devices. Anyone who wants to use SELinux in the embedded space will benefit. I personally am very grateful for the sebusybox work and all the modifications to the libraries and kernel (such as the improved read/write performance patches) to make embedded SELinux possible. Thanks for the comment. We all really appreciate the work you guys are doing in Japan for SELinux on embedded devices. Anyone who wants to use SELinux in the embedded space will benefit. I personally am very grateful for the sebusybox work and all the modifications to the libraries and kernel (such as the improved read/write performance patches) to make embedded SELinux possible.

]]> Comment on Montavista Vision 2007 by Yuichi Nakamura http://www.usefulsecurity.com/2007/10/montavista-vision-2007/#comment-5 Yuichi Nakamura Thu, 11 Oct 2007 04:31:26 +0000 http://www.usefulsecurity.com/?p=19#comment-5 oops, woring -> working .. oops, woring -> working ..

]]>