This page reflects our current work queue - if you miss anything here, it will probably not happen. Please discuss any wishes on the RSBAC mailing list at rsbac@rsbac.org or open a bug. The RSBAC development team.

• ao
  • Virtual User Management: additional virtual sets of UM users and groups, to be selected via a GENeral process attribute. Select once using program file attribute or jail parameter. Change tid.user to {uid, um_set) and have all user and group attributes, ACLs, ACL groups etc. per virtual set. Default set is 0. Use fast arrays of list handles, array size (= max number of virtual sets) configurable.

• ao
• kang
• michal
  • Add RC role attribute indicating that one has to authenticate with her UM password before actively changing to that role and mechanism for doing it.
  • Add kexec call control with new kexec SCD type.
  • New JAIL switch for enclosing process in its private namespace.
  • Hide dir entries a process has no SEARCH right for - 2.6 done and working good, 2.4 in a middle.
  • New CAP capability: ld-preload. ld.so can check for this cap and only do preload, if enabled.
  • Add syscall rsbac_rc_create_file(filename, mode, rc_type), which creates a file with a given type. Caller’s current role needs new special right SELECT to the type.

• ao
  • Automatic secure and reliable list replication to other RSBAC systems.

• kang
  • Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ.
  • Replace the Dazuko interface with an RSBAC interface, compatible with Dazuko/Fazuko registration/scanning. Use RSBAC caching/attributes instead of path based Dazuko’s pass. (will ignore include/exclude path settings inside the scanner). This will result in faster scanning and more consistent attributes.

• michal
  • Checking/completing Documentation/rsbac/Interceptions-2.6 to match the review.
  • Add more REG modules as an examples yet ready for production use - most important seclvl.
  • Include patches for standard system tools like ps,top,ls.

• kang
• michal
  • Get Xen working with RSBAC. Add SCD:xen control for xen administration.

* New request on USER target for authentications, to avoid password tests on any account.

• Pseudonymic remote IP addresses: When process asks for peer address, return a pseudonymic address, if enabled both for program and matching template. Provide same functionality for firewall and RSBAC logs. Useful for privacy conforming logs. Pseudonyms per byte, forward and reverse lookup tables for values.
• JAIL FD attributes to force a jail on a program.
• New rsbac_um_menu for UM administration
• User Management option to automatically create user pseudos when adding a user.
• CAP learning mode for single programs.
• Avoid request no module stated any interest in. Use a request_vector_t to store and a simple inline function to perform the check. Fill vector automatically from DO_NOT_CARE results. Problem with logging, though. Does not work with RC and ACL, because they always check all requests, so maybe per-module.
• Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging.
• Per role and object RC ADF debug mode
• New rsbac_ipc_menu in admin tools for IPC administration
• AUTH daemon for backwards compatible and network based authentication enforcement.
• Avoid auto-mount race or at least detect earlier and only mount once. Partly done in 1.2.3.
• Make secure delete on journalled filesystems (at least ext3) more reliable, e.g. hook into the block deallocation code. Might need a new mount option for ext3 etc.
• Hunt error RSBAC_EINVALIDVALUE when changing attribute values for files on a full partition.
• ACLs for ACL groups.
• Programs as ACL subjects, e.g. assign ACL program IDs to program files and use them in ACL entries.
• Full support for IPv6 in Network Templates and network/firewall administration.
• IPv6 support in JAIL module.
• Show difference between two RC roles.
• Allow IP list in jail, not just one IP.
• ACL learning mode for RC roles and other target types.
• ACL support in Samba.
• Object history list in rsbac_fd_menus.
• Mount options rc_type_fd=<n> (might be others if necessary) to override fd rc types on mounted fs. We need to make sure it is secure, maybe with secoff involved in decision.
• Tool to see all RSBAC managed properties applied to one object.

• Solution for rsbac_list_get_all_* with very long lists, e.g. allow to specify an offset.
• More fine grained locking for hashed lists - or use RCU etc. (done on some parts?)

• RBAC model as runtime registration module.
• SELinux model as runtime registration module.
• Helper script to load existing SELinux configs into the SELinux module.
• RC ttl setting in menues (already displayed, but setting is a bit tricky).
• Make ACL learning mode be triggered by user and/or role.
• Backup optimization with per-directory reference counters, if counter == 0, skip full tree.
• (Maybe) Exclude option in backup, maybe with regular expressions.
• Replace values for ttl’d data, to be used after timeout.
• Really delete lists on rsbac_list_destroy().
• (Maybe) make AUTH cap ranges (first-from-uid, last-from-uid, first-to-uid, last-to-uid), so you can have different sets depending on the current uid.
• Optional RC role and type hierarchy for easier organization.
• (Maybe) add jail flags and IP FD attributes to force a jail for a program without chroot.
• More sophisticated resource control scheme.
• Support more network address families in templates.
• Support more network address families with NETDEV and SCD/network/firewall.
• Wrappers for rpm and dpkg to backup and restore attributes on package updates.
• PM overhaul and menues.
• (maybe) Install trace mode with automatic attribute restore (for software updates).
• More learning modes etc., e.g. with automatic setup script generation.
• (maybe) Attribute set undo log in menues.
• (maybe) Attribute get log in menues.
• Use namespaces for symlink redirection, if suitable.

( see http://marc.theaimsgroup.com/?l=linux-kernel&m=112689584917417&w=2 )

• Review and maybe use XACE xorg’s security extensions

• Everlasting: Improve documentation - there are man pages, concept and detail descriptions, how-tos, examples and other stuff missing (volunteers?)
• Extend learning modes for automatic setup generation. AUTH learning finished in 1.2.3, simple global ACL learning, too.
• ACL support in Samba.
• Further improve Linux security specially as internet server system, addressing special needs for that. The (improved) Role Compatibility, the AUTH and the ACL model can help a lot here.
• Some day, if ever: Meet B1 security requirements. Now that MAC categories and secure delete are implemented the way has shortened, but it is not really urgent though, since Orange Book is far out of date.

See also: Bugtracker

Follow what’s going on with the code!

• An error occured while fetching this feed: http://cia.navi.cx/stats/project/rsbac/.rss

See also: SVN repository