[Esd-l] ANN: sanitizer 2.0 policy tester

John D. Hardin jhardin at wolfenet.com
Fri Feb 16 21:15:49 PST 2001


All:

I've developed a policy-file syntax and a test kit for you to play
with and develop your policy files in anticipation of the 2.0 release.

Unzip the attached somewhere and read the .txt file; it describes the
policy syntax (clearly? let me know).

There are some sample policy files for you to look at, and the Perl
functions that will read the policy files and compare filenames. To
test:

  # if you want debugging:
  export DEBUG=1
  # if you want lots of debugging:
  export DEBUG_VERBOSE=1

  # define policy:
  # set directory for relative policy files
  export SECURITY_POLICY_DIR=.
  # (or wherever - note that "./" will not work, as ./ ../ .../ etc
  # get stripped; this may yet change)

  export SECURITY_POLICY="policyfile:/dir1/dir2/policyfile:policyfile"

  perl policy-check.pl filename [filename...]

Play with it and see what you think. See if you can break it. This is
very alpha.

Develop different SECURITY_POLICY sets for different local policy
domains. Or you might want to have a single SECURITY_POLICY file list
and have different SECURITY_POLICY_DIRs with those files to select
what happens, or a mixture of relative path policy files (controlled
by SECURITY_POLICY_DIR) and explicit path policy files.

Flexible enough for everybody?

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
                                    <davidb at ce.washington.edu>
-----------------------------------------------------------------------
   106 days until Mir deorbits
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sanitizer-samples.tar.gz
Type: application/octet-stream
Size: 2942 bytes
Desc: Policy test kit
Url : http://ga.impsec.org/pipermail/esd-l/attachments/20010216/87d700d1/sanitizer-samples.tar.obj

