-- OPENSOLARIS PROJECT PROPOSAL --

Project Name: Fine Grained Access Policy (FGAP)

Project Synopsis: Enabling finer grained access control in OpenSolaris

Project Purpose:

The current Solaris privilege model does not allow one to express policy requirements such as "only allow binding to port 80/tcp", "only allow read access to file <<foo>>" or "only allow write access under $HOME/.mozilla" for a particular process or set of processes. FGAP augments the current privilege model by allowing additional, otherwise privileged operations in a restricted manner, as specified in a configurable policy. It is therefore compatible with current Solaris: applications which assert specific privileges will continue to work.

It should be possible to leverage the resulting policy exception mechanism through SMF by specifying the policy in a service's XML file, but also as a mechanism to "sandbox" applications running under user accounts by first removing "basic" privileges and then granting them on a case-by-case basis. To this end, the set of basic privileges may need to grow to include binding to any network port, modifying any filesystem object, etc.

As part of this project, we will also take a closer look at the implementation of profile shells in order to address some of their deficiencies:

- the requirement to add profile shell support code to every shell
- the inability to run internal commands as profiled commands, or to add additional privileges to file redirects in profile shells.

The intent is to be able to express the "profileness" of a process using a process attribute, rather than having the shell do all the work.

We also propose to start a project specific list sooner rather than later (fgap-discuss).

Proposed Sponsors: Security

Initial set of proposed project leads:
Casper Dik [point of contact]
Glenn Faden

Additional Participants: Christoph Schuba

Other interested participants: please speak up, or join the project list once we have it running.
Contributions of both code and review time are obviously quite welcome; there's a lot of work to be done here.