previously on this list Matthew Weigel contributed:

> > 1. Why doesn't OpenBSD have something like RBAC?  
> 
> RBAC has a lot more knobs to tweak, so you can always go back after a
> security incident and say "aha! I need to tweak *that* knob to prevent
> this next time!" But it has a steep learning curve, and everything you
> don't know about how your RBAC is configured is as much a problem as
> everything you got wrong.  Most people use RBAC on Linux by turning it off.
>

Though of course you also have to set the time aside for dealing with
problems from updates that constantly appear on the Gentoo
Hardened list, though it does provide an extra layer easily for simple
systems, like systrace and chflags can to lesser degrees, but conversely
might reduce the effectiveness of chflags due to the higher likelihood
of a kernel exploit, especially on those complex systems where a great
deal needs to be allowed by the RBAC/MAC. You certainly have to spend a
long time configuring Linux (which is thankfully very configure-outable)
and writing and auditing a lot of code to get RBAC anywhere near as
uncircumventable as chflags and even DACs on an OpenBSD kernel.
 
Grsecurity is a bolt on and so has many addon features like chroot
escape prevention techniques but obviously struggles with upstream to
get at the real important core of Linux and certainly cannot change the
mindset of Linux which is features trump almost everything. Just look
at systemd overruling the more security conscious and those that have
at least some understanding of the lower levels of the OS.

Whilst I say security vs functionality is a myth due to time and the
right care working around it, in general and by default it is often
true. One of OpenBSD's primary goals is just that and the users learn
from that.

It's like trying to add armor to a land rover or designing it as an
armoured vehicle in the first place.


> OpenBSD permissions are fairly simple, thoroughly considered,
> and set up with sane defaults.  Most people continue to rely on just
> these basic controls, on OpenBSD *and* on systems with RBAC.

What I find amusing is just how often it isn't a defence in depth
approach because the power of DACs and privilege separation are hardly
used or even barely understood by RBAC advocates.

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________