请输入您要查询的百科知识:

 

词条 Smack (software)
释义

  1. Design

  2. Criticism

  3. References

  4. Further reading

{{Infobox software
| name = Smack
| logo = Smack-tux.svg
| author = Casey Schaufler
| released = {{Start date|2008|April|17}}
| operating system = Linux
| genre = Computer security, Linux Security Modules (LSM)
| license = GPL2
| website = {{URL|http://schaufler-ca.com/}}
}}Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal.[1] It has been officially merged since the Linux 2.6.25 release,[2] it was the main access control mechanism for the MeeGo mobile Operating System.[3][4] It is also used to sandbox HTML5 web applications in the Tizen architecture,[5] in the commercial Wind River Linux solutions for embedded device development,[6][7] in Philips Digital TV products.,[8] and in Intel's Ostro OS for IoT devices.[9]

Since 2016, Smack is required in all Automotive Grade Linux (AGL) implementations where it provides in association with other Linux facilities the base for the AGL security framework.

[10][11]

Design

Smack consists of three components:

  • A kernel module that is implemented as a Linux Security Module. It works best with file systems that support extended attributes.
  • A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration.
  • A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar patches to Busybox were also created. SMACK does not require user-space support.[12]

Criticism

Smack has been criticized for being written as a new LSM module instead of an SELinux security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.[13]

References

{{Portal|Free and open-source software|Computer security|Linux}}
1. ^{{cite web| url=http://schaufler-ca.com/description_from_the_linux_source_tree| title=Official SMACK documentation from the Linux source tree| archiveurl = https://www.webcitation.org/6AqzohCXq| archivedate = 2012-09-13}}
2. ^{{cite web| url=https://lwn.net/Articles/267849/| title=More stuff for 2.6.25| author=Jonathan Corbet| archiveurl = https://www.webcitation.org/6AqxbHgv3| archivedate = 2012-09-12}}
3. ^{{cite web| url=https://lwn.net/Articles/416771/| title=The MeeGo Security Framework| author=Jake Edge| archiveurl = https://www.webcitation.org/6Aqsyzvan| archivedate = 2012-09-12}}
4. ^{{cite web| url=http://wiki.meego.com/Security/Architecture| title=MeeGo Security Architecture| author=The Linux Foundation| archiveurl = https://www.webcitation.org/6AqsXTUx0| archivedate = 2012-09-12}}
5. ^{{cite web| url = http://download.tizen.org/misc/media/conference2012/wednesday/seacliff/2012-05-09-0945-1025-understanding_the_permission_and_access_control_model_for_tizen_application_sandboxing.pdf| title = Understanding the Access Control Model for Tizen Application Sandboxing| author = Onur Aciicmez, Andrew Blaich| archiveurl = https://www.webcitation.org/6AqsXTUx0| archivedate = 2012-09-12}}
6. ^{{cite web| url=http://windriver.com/products/product-notes/PN_Linux_4_1_0811.pdf| title=Wind River Linux 4 Product Note| author=Wind River| archiveurl = https://www.webcitation.org/6As2voylb| archivedate = 2012-09-22}}
7. ^{{cite web| url=http://www.windriver.com/products/product-notes/wind-river-linux-product-note.pdf| title=Wind River Linux 3 Product Note| author=Wind River| archiveurl = https://www.webcitation.org/6As38vFgh| archivedate = 2012-09-22}}
8. ^{{cite web| url=http://www.embeddedalley.com/pdfs/Smack_for_DigitalTV.pdf| title=SMACK for Digital TV| author=Embedded Alley Solutions, Inc.| archiveurl = https://www.webcitation.org/6As4D4a0R| archivedate = 2012-09-22}}
9. ^{{cite web| url=https://ostroproject.org/documentation/architecture/architecture-overview.html| title=Ostro™ OS Architecture Overview| author=Intel Open Source Technology Center.| archiveurl = https://www.webcitation.org/6le9ACbCJ| archivedate = 2016-10-30}}
10. ^{{cite web| url= http://docs.automotivelinux.org/docs/architecture/en/dev/| title=AGL Security Framework| author=Automotive Grade Linux| archiveurl = https://www.webcitation.org/6qBFClCdv| archivedate = 2017-05-03}}
11. ^{{cite web| url= https://fosdem.org/2017/schedule/event/agl_secure_industrial/| title=AGL as a generic secured industrial embedded Linux| author=Dominig ar Foll | archiveurl = https://www.webcitation.org/6qBFttCc7| archivedate = 2017-05-03}}
12. ^{{cite web| url=https://raw.github.com/promovicz/smack-util/master/README| title=Smack Userspace Tools README| archiveurl = https://www.webcitation.org/6Aru3nUDn| archivedate = 2012-09-13}}
13. ^{{cite web| url=http://article.gmane.org/gmane.linux.kernel/568396| title=Re: PATCH: Smack: Simplified Mandatory Access Control Kernel| author=Casey Schaufler| archiveurl = https://www.webcitation.org/6AqtjGSts| archivedate = 2012-09-12}}

Further reading

  • {{cite web

|url = https://lwn.net/Articles/244531/
|author = Jake Edge
|title = Smack for simplified access control
|work = Linux Weekly News
|date = 2007-08-08
}}
  • {{cite web

|url = https://lwn.net/Articles/252562/
|author = Jonathan Corbet
|title = SMACK meets the One True Security Module
|work = Linux Weekly News
|date = 2007-02-10
}}
  • {{cite conference

| url = http://mirror.linux.org.au/pub/linux.conf.au/2008/slides/092-SmackLCA2007.ppt
| title = The Simplified Mandatory Access Control Kernel
| author = Casey Schaufler
|date=January 2008
| booktitle = Linux.conf.au
| archiveurl = https://www.webcitation.org/6ArwwbKmN
| archivedate = 2012-09-22
| format = PPT

}} {{cite video


| title = Session video
| location = Melbourne, Australia
| url = http://mirror.linux.org.au/pub/linux.conf.au/2008/Thu/mel8-092.ogg
| format = OGG
}}
  • {{cite web

|url = https://lwn.net/Articles/292291/
|author = Jake Edge
|title = Ottawa Linux Symposium: Smack for embedded devices
|work = Linux Weekly News
|date = 2008-08-06
}}
  • {{cite conference

| url = http://www.linuxsymposium.org/archives/OLS/Reprints-2008/schaufler-reprint.pdf
| title = Smack in Embedded Computing
| author = Casey Schaufler
|date=July 2008
| volume = 2
| booktitle = Proceedings of the Linux Symposium
| archiveurl = https://www.webcitation.org/6Ar2q16RJ
| archivedate = 2012-09-12
| pages = 186–197
| format = PDF
}}
  • {{cite web

|url = https://lwn.net/Articles/355015/
|author = Jake Edge
|title = Linux Plumbers Conference: Three sessions from the security track
|work = Linux Weekly News
|date = 2009-10-07
}}
  • {{cite conference

| url = http://conference2010.meego.com/sites/all/files/sessions/meego-conference-overview_v_final.pdf
| title = Mobile Simplified Security Framework Overview
| author = Elena Reshetova, Casey Schaufler
|date=November 2010
| booktitle = MeeGo Conference
| archiveurl = https://www.webcitation.org/6ArBCdJ3V
| archivedate = 2012-09-12
| format = PDF
}}{{Linux kernel}}

3 : 2008 software|Linux kernel features|Linux security software
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/9/20 12:12:25