Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Security Model

This section needs rewriting.

A software security model is a conceptual framework that defines the rules, boundaries, and access controls a system must follow to protect its data and resources from unauthorized use or tampering.

In the RaR context, it describes the security mechanisms that secures the program from its own usage.

Security controls

  • PAM-based authentication for dosr
  • Capability-oriented privilege model
  • Optional timestamp/timeout behavior
  • Immutable policy file workflow
  • Hardened policy editor path in chsr editor (landlock/seccomp)

Operational safeguards

  • Grant only required capabilities.
  • Prefer explicit command allow-lists.
  • Use dedicated roles for automation.
  • Force explicit role/task selection in scripts.
  • Review and test policy changes before deployment.

Typical risks

  • Over-broad command patterns
  • Unnecessary capability grants
  • Ambiguous task overlap
  • Reusing interactive roles for unattended jobs

Minimal hardening checklist

  1. Keep /etc/security/rootasrole.json protected and immutable in production.
  2. Restrict chsr usage to a small admin set :
  • Implement review processes for policy changes.
  • Implement segregation of duties for policy management and execution.
  1. Use dosr -i during policy validation (requires to allow dosr -i in policy for testing).
  2. Add CI checks for policy syntax and expected command paths.
  3. Track policy changes in version control.