81430 2002-10-16  20:21  /36 rader/ Bosko Radivojevic <bole@bolex.bolex.co.yu>
Importerad: 2002-10-16  20:21  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <1961>
Ärende: Linux Security Protection System
------------------------------------------------------------
LinSec team is proud to announce the first stable release of LinSec.

LinSec, as the name says, is Linux Security Protection System. The
main aim of LinSec is to introduce Mandatory Access Control (MAC)
mechanism into Linux (as opposed to existing Discretionary Access
Control mechanism).  LinSec model is based on:

    * Capabilities
    * Filesystem Access Domains
    * IP Labeling Lists
    * Socket Access Control

As for Capabilities, LinSec heavily extends the Linux native
capability model to allow fine grained delegation of individual
capabilities to both users and programs on the system. No more
allmighty root!

Filesystem Access Domain subsystem allows restriction of accessible
filesystem parts for both individual users and programs. Now you can
restrict user activities to only its home, mailbox etc. Filesystem
Access Domains works on device, dir and individual file granularity.

IP Labeling lists enable restriction on allowed network connections
on per program basis. From now on, you may configure your policy so
that no one except your favorite MTA can connect to remote port 25

Socket Access Control model enables fine grained socket access
control by associating, with each socket, a set of capabilities
required for a local process to connect to the socket.

LinSec consists of two parts: kernel patch (currently for 2.4.18) and
userspace tools.

Detailed documentation, download & mailing list information -
http://www.linsec.org
(81430) /Bosko Radivojevic <bole@bolex.bolex.co.yu>/(Ombruten)