Smack (software)

Smack

Original author(s)	Casey Schaufler
Initial release	April 17, 2008 (2008-April-17)
Operating system	Linux
Type	Computer security, Linux Security Modules (LSM)
License	GPL2
Website	schaufler-ca.com

Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal.^[1] It has been officially merged since the Linux 2.6.25 release,^[2] and was the main access control mechanism for the MeeGo mobile Operating System.^[3]^[4] It is also used to sandbox HTML5 web applications in the Tizen architecture,^[5] in the commercial Wind River Linux solutions for embedded device development,^[6]^[7] in Philips Digital TV products.,^[8] and in Intel's Ostro™ OS for IoT devices.^[9]

Design

Smack consists of three components:

A kernel module that is implemented as a Linux Security Module. It works best with file systems that support extended attributes.
A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration.
A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar patches to Busybox were also created. SMACK does not require user-space support.^[10]

Criticism

Smack has been criticized for being written as a new LSM module instead of an SELinux security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.^[11]

References

↑ "Official SMACK documentation from the Linux source tree". Archived from the original on 2012-09-13.
↑ Jonathan Corbet. "More stuff for 2.6.25". Archived from the original on 2012-09-12.
↑ Jake Edge. "The MeeGo Security Framework". Archived from the original on 2012-09-12.
↑ The Linux Foundation. "MeeGo Security Architecture". Archived from the original on 2012-09-12.
↑ Onur Aciicmez, Andrew Blaich. "Understanding the Access Control Model for Tizen Application Sandboxing". Archived from the original (PDF) on 2012-09-12.
↑ Wind River. "Wind River Linux 4 Product Note". Archived from the original (PDF) on 2012-09-22.
↑ Wind River. "Wind River Linux 3 Product Note". Archived from the original (PDF) on 2012-09-22.
↑ Embedded Alley Solutions, Inc. "SMACK for Digital TV". Archived from the original (PDF) on 2012-09-22.
↑ Intel Open Source Technology Center. "Ostro™ OS Architecture Overview". Archived from the original on 2016-10-30.
↑ "Smack Userspace Tools README". Archived from the original on 2012-09-13.
↑ Casey Schaufler. "Re: PATCH: Smack: Simplified Mandatory Access Control Kernel". Archived from the original on 2012-09-12.

Jake Edge (2007-08-08). "Smack for simplified access control". Linux Weekly News.
Jonathan Corbet (2007-02-10). "SMACK meets the One True Security Module". Linux Weekly News.
Casey Schaufler (January 2008). "The Simplified Mandatory Access Control Kernel". Linux.conf.au. Archived from the original (PPT) on 2012-09-22. Session video (OGG). Melbourne, Australia.
Jake Edge (2008-08-06). "Ottawa Linux Symposium: Smack for embedded devices". Linux Weekly News.
Casey Schaufler (July 2008). "Smack in Embedded Computing". Proceedings of the Linux Symposium. 2. pp. 186–197. Archived from the original (PDF) on 2012-09-12.
Jake Edge (2009-10-07). "Linux Plumbers Conference: Three sessions from the security track". Linux Weekly News.
Elena Reshetova, Casey Schaufler (November 2010). "Mobile Simplified Security Framework Overview". MeeGo Conference. Archived from the original (PDF) on 2012-09-12.

Linux kernel

Organization

Kernel	Linux Foundation Linux Mark Institute Linus's Law Tanenbaum–Torvalds debate Linux-libre Tux SCO issues Linaro GNU GPL v2 menuconfig Supported computer architectures Kernel names Criticism

Support	Developers The Linux Programming Interface kernel.org LKML Linux conferences Users Linux User Group (LUG)

Technical

Debugging

Startup

ABIs

APIs

Of
userspace

FS, daemons	devfs devpts debugfs procfs sysfs systemd udev Kmscon

Wrapper libraries	C standard library glibc uClibc Bionic libhybris dietlibc EGLIBC klibc musl Newlib libcgroup libdrm libalsa libevdev

Of
kernel

System Call Interface	POSIX ioctl select open read close sync … Linux-only futex epoll splice dnotify inotify readahead …

In-kernel	ALSA Crypto API DRM kernfs New API Video4Linux

Components

Variants

Virtualization	Hypervisor KVM Xen OS-level virtualization Linux-VServer Lguest LXC OpenVZ Other L4Linux ELinOS User-mode Linux MkLinux coLinux

Adoption

Range of use	Desktop Embedded Gaming Thin client: LTSP Thinstation Server: LAMP LYME-LYCE Devices

Adopters	List of Linux adopters GENIVI Alliance Proprietary software for Linux

People

Category
Commons
Book
Wikiversity
Portal

This article is issued from Wikipedia - version of the 11/9/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

Smack (software)

Design

Criticism

References

Further reading