[grsec] argv/envp verification for rbac?

jnf jnf at nosec.net
Thu Sep 22 02:20:25 EDT 2005


Hi Brad, et al,

Also, another feature that would be nice, and I would be surprised to find
out that it just hadn't been thought of yet (and it may be in newer
versions and I just don't know it yet), would be verification of not only
what programs can be run, but also of what arguments may be passed to
them, and possibly, but to a lesser degree of importance, a check of the
environment passed to the would-be process. This would be an insane
nightmare for remote applications such as MTAs and webservers, but I was
thinking strictly for local programs.

i.e., suppose I have program X which for whatever reason requires elevated
privs and I need all/group x/whatever users to be able to access it with
elevated privs, it would be nice to say like:

ARGS  '--option1', 'value','--option2','value','etc'
ENV  'IFS=" "', 'PATH=/bin:/usr/bin:/usr/local/bin', 'ETC=BLA'

and so on in the rules. I did some work with AS/400 not long ago, and I
seem to remember this being one of the capabilities it had that impressed
me, and as I understand it, this is also something systrace can do
[hearsay though, I could be wrong], so is there a reason it's not in grsec,
and if so, I'm curious to hear the argument as to why.

cheers,

jnf

 --

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?
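
The check proposed in the message above, written as a userspace exec wrapper in C. This is an added example, not part of the original post and not grsecurity code; `struct exec_policy`, `args_allowed`, `env_allowed` and `checked_execve` are hypothetical names, and exact string matching of each ARGS and ENV entry is an assumption about how such a rule would be interpreted.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical policy for one program, mirroring the ARGS/ENV lines in the post. */
struct exec_policy {
    const char *path;          /* program the rule applies to */
    const char *const *args;   /* exact argv[1..], NULL-terminated */
    const char *const *env;    /* permitted "NAME=value" strings, NULL-terminated */
};

/* argv[1..] must equal the policy list exactly: same strings, order and count. */
static int args_allowed(char *const argv[], const char *const *allowed)
{
    size_t i = 0;
    if (argv == NULL || argv[0] == NULL)
        return 0;                       /* an empty argv is never acceptable */
    for (; allowed[i] != NULL; i++)
        if (argv[i + 1] == NULL || strcmp(argv[i + 1], allowed[i]) != 0)
            return 0;
    return argv[i + 1] == NULL;         /* reject extra trailing arguments */
}

/* Every environment entry must be one of the permitted strings verbatim. */
static int env_allowed(char *const envp[], const char *const *allowed)
{
    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++) {
        size_t j = 0;
        while (allowed[j] != NULL && strcmp(envp[i], allowed[j]) != 0)
            j++;
        if (allowed[j] == NULL)
            return 0;                   /* unknown variable or unexpected value */
    }
    return 1;
}

/* Run the program only if path, argv and envp all satisfy the policy. */
int checked_execve(const struct exec_policy *p, const char *path,
                   char *const argv[], char *const envp[])
{
    if (strcmp(path, p->path) != 0 || !args_allowed(argv, p->args) ||
        !env_allowed(envp, p->env)) {
        errno = EACCES;                 /* deny without executing anything */
        return -1;
    }
    return execve(path, argv, envp);
}
```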


