Security Model
This section needs rewriting.
A software security model is a conceptual framework that defines the rules, boundaries, and access controls a system must follow to protect its data and resources from unauthorized use or tampering.
In the RaR context, it describes the security mechanisms that secures the program from its own usage.
Security controls
- PAM-based authentication for
dosr - Capability-oriented privilege model
- Optional timestamp/timeout behavior
- Immutable policy file workflow
- Hardened policy editor path in
chsr editor(landlock/seccomp)
Operational safeguards
- Grant only required capabilities.
- Prefer explicit command allow-lists.
- Use dedicated roles for automation.
- Force explicit role/task selection in scripts.
- Review and test policy changes before deployment.
Typical risks
- Over-broad command patterns
- Unnecessary capability grants
- Ambiguous task overlap
- Reusing interactive roles for unattended jobs
Minimal hardening checklist
- Keep
/etc/security/rootasrole.jsonprotected and immutable in production. - Restrict
chsrusage to a small admin set :
- Implement review processes for policy changes.
- Implement segregation of duties for policy management and execution.
- Use
dosr -iduring policy validation (requires to allowdosr -iin policy for testing). - Add CI checks for policy syntax and expected command paths.
- Track policy changes in version control.