dazuko-devel

[Dazuko-devel] Comments on TAF


From: Calin A. Culianu
Subject: [Dazuko-devel] Comments on TAF
Date: Sun, 27 Mar 2005 12:13:58 -0500 (EST)


Questions:

I have a question: so once an app is trusted, is that attribute basically limited to that particular process? Is this by PID? What happens after an exec call? What if the app is multi-threaded (with cases such as: more than one PID on Linux, or just one PID on, say, FreeBSD)?

Comments:

I like the TAF, but do you think it could be modified to be easier to use with apps that aren't aware of dazuko?

I.e.: it would be nice to make apps that have no concept of dazuko be trusted. Apps you didn't write and don't have the source code to.

One way this could be accomplished is: add the concept of a priori trustworthiness.

For instance: have the dazuko process (the one that calls dazukoRegister, etc) tell dazuko ahead of time what applications it trusts. Say, based on exe image path, based on UID, based on process group, and possibly other criteria?

The reason this would be useful is that currently the TAF requires apps that wish to be trusted to be dazuko-aware (after all, they have to read/write to/from /dev/dazuko). Sometimes that is not desirable -- perhaps you want to have, say, a whole class of apps that you didn't write and don't have the source code to, be trusted so they don't generate dazuko events you aren't interested in.

This idea could be inverted a different way: perhaps it could be possible to give dazuko a finer-grained idea of what apps you are interested in getting events from, rather than just includes/exclude paths (which of course are a fundamental criterion!).

Perhaps the default is you get all events, but you can tell dazuko to narrow it down to specific subsets of uid, pid, pgid, exe image, (and combinations thereof), etc.

Those are my two cents... What do you think?

-Calin
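One way to model the "a priori trust" filter proposed in this message, as an added example in C that is not part of Dazuko or of this thread: the event and rule structs are constructed stand-ins (Dazuko's own access structure is not used), uid 1001 and the /usr/lib/backupd/ path are made-up sample values, and the rules deliberately key on the current executable image, uid and process group rather than on pid, because a pid's image changes across exec (the concern raised in the question above).

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the fields a file-access event would carry. */
struct fs_event {
    uid_t uid;
    pid_t pid;
    pid_t pgid;
    const char *exe;      /* path of the executable image that caused the event */
    const char *filename; /* file being accessed */
};

/* A trust rule: every criterion that is set must match (AND).
   Unset criteria are wildcards, so rules can combine uid, pgid and exe path. */
struct trust_rule {
    bool match_uid;  uid_t uid;
    bool match_pgid; pid_t pgid;
    const char *exe_prefix; /* NULL = any image; otherwise a directory prefix ending in '/' */
};

static bool rule_matches(const struct trust_rule *r, const struct fs_event *e)
{
    if (r->match_uid && r->uid != e->uid) return false;
    if (r->match_pgid && r->pgid != e->pgid) return false;
    /* The trailing '/' in exe_prefix keeps "/usr/lib/backupd/" from matching
       a sibling directory such as "/usr/lib/backupd-other/". */
    if (r->exe_prefix && strncmp(e->exe, r->exe_prefix, strlen(r->exe_prefix)) != 0) return false;
    return true;
}

/* Returns true if the event should be delivered to the scanner, false if the
   originating process is trusted a priori and the event can be dropped.
   Trust is re-evaluated per event, so it never outlives an exec or a uid change. */
bool event_is_interesting(const struct trust_rule *rules, size_t nrules, const struct fs_event *e)
{
    for (size_t i = 0; i < nrules; i++)
        if (rule_matches(&rules[i], e)) return false;
    return true;
}

/* Constructed sample policy: trust binaries installed under /usr/lib/backupd/
   regardless of uid, and trust anything run by the made-up uid 1001. */
const struct trust_rule sample_rules[] = {
    { .match_uid = false, .match_pgid = false, .exe_prefix = "/usr/lib/backupd/" },
    { .match_uid = true,  .uid = 1001, .match_pgid = false, .exe_prefix = NULL },
};
const size_t sample_nrules = sizeof sample_rules / sizeof sample_rules[0];
```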