A. Padgett Peterson, P.E. Information Security writes:
> ps despite spending considerable time in the Sidewinder suite (and enduring
> a distinct lack of Captain Morgan - they thought I was asking about
> Morgan Death) I *still* do not know what is meant by "Type Enforcement".

Type enforcement (at TIS we call it DTE: Domain/Type enforcement)
is a means of specifying permissions on a system. Basically, it lets you
apply arbitrarily fine granularity permissions to processes, files, etc.
It really depends a lot on the implementation, and as such it's hard to
tell what SCC has accomplished.

How does it relate to firewalls?

Well, in practical terms, it's fairly useful. Let's suppose I
create a domain for sendmail to run in and make the sendmail executable
run within it. Then I place /bin/mail as the only *executable* file on
the system in that domain, and make /etc/aliases.{dir/pag} writeable,
along with directory /var/spool/mqueue. Then I leave a few other files
as readable such as /etc/passwd (not the shadow one, though) and resolv.conf
etc -- you get the idea. It's a useful model for restricting the types
of things that categories of software can do on a system. In theory, if
the type enforcement is properly implemented in the kernel, then anything
above it can rely on it with absolute confidence, much as the way we
trust "chroot" to work properly.

The gotcha is the implementation -- I suspect that with any
system like type enforcement, there are a *LOT* of very important
details. Such as: where are the extended permissions information
stored? How is it protected? How is it defined? How is it managed?
Is it set up *correctly*?? UNIX can be a very secure operating system
if it's set up correctly. I'm sure type enforcement can help a lot,
but again it has to be deployed correctly and the permissions have
to be "right" for you to gain any protection from them.

Definitely, it's a nice tool for making one's system more
secure. I wish I knew how SCC uses it on their firewall. Presumably,
some of their application relays run under separately typed domains
or something like that. Until we know more details, it's still just
hype as far as I can tell.

mjr.
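
Added example, not part of the original message and not TIS or SCC code: a small user-space model of the sendmail domain described above, showing the default-deny lookup from domain to object type to permitted operation. The domain name, the type names, /etc/shadow as the shadow file and /etc/resolv.conf as the resolver file are assumptions made for illustration.

```python
import posixpath

# Constructed policy modelled on the sendmail domain in the message above.
# Domain and type names are hypothetical; a real DTE kernel labels objects
# itself instead of matching path strings in user space.
TYPE_OF_PATH = {
    "/bin/mail": "mail_exec_t",
    "/etc/aliases.dir": "aliases_t",
    "/etc/aliases.pag": "aliases_t",
    "/var/spool/mqueue": "mqueue_t",
    "/etc/passwd": "sysconf_t",
    "/etc/resolv.conf": "sysconf_t",
    "/etc/shadow": "shadow_t",
    "/": "generic_t",  # everything not labelled more specifically
}

# Domain -> type -> permitted operations. Anything absent is denied.
DOMAIN_ACCESS = {
    "sendmail_d": {
        "mail_exec_t": {"read", "execute"},
        "aliases_t": {"read", "write"},
        "mqueue_t": {"read", "write"},
        "sysconf_t": {"read"},
    },
}

def type_of(path):
    """Return the type of the longest labelled prefix of the normalised path."""
    path = posixpath.normpath(posixpath.join("/", path))
    matches = [p for p in TYPE_OF_PATH
               if path == p or path.startswith(p.rstrip("/") + "/")]
    return TYPE_OF_PATH[max(matches, key=len)]

def allowed(domain, path, op):
    """Default-deny check: the domain must hold op on the object's type."""
    return op in DOMAIN_ACCESS.get(domain, {}).get(type_of(path), set())

if __name__ == "__main__":
    # Constructed requests, all made from inside the sendmail domain.
    for path, op in [("/bin/mail", "execute"), ("/bin/sh", "execute"),
                     ("/var/spool/mqueue/qfAA00123", "write"),
                     ("/etc/passwd", "read"), ("/etc/shadow", "read"),
                     ("/var/spool/mqueue/../../../etc/shadow", "read")]:
        verdict = "allow" if allowed("sendmail_d", path, op) else "deny"
        print(f"{verdict:5} {op:7} {path}")
```

The last request shows why the path is normalised before the type lookup: without that step the "../" sequence would be judged as a file under the writable queue directory.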