The road to computer security can't be especially smooth or straight for us to have wound up where we are. Why are there so many start-up options in systemd? Why is CAP_SYS_ADMIN so broad, when CAP_CHOWN is so specific? Who came up with the "mask" in access control lists? Are namespaces a security feature, or not? How did SELinux get so complicated? How did we come up with all these peculiar behaviors?
Let a kernel programmer from the 1970s take you through some of the history, mindset and all too often politics that have created the security paradigms, facilities and features we know in Linux today. We'll cover a few things from before the epoch (1 January, 1970) and the early days of UNIX. There will be a bit about the American "Orange Book", and how "C2 in '92" drove a frenzy of security feature development. We'll discuss how that led to the POSIX P1003.1e/2c DRAFT and its implications for security features, as well as how it created an early cooperative development mindset within the security community. The arrival of Linux and the internet introduced new opportunities. The emergence of Linux Security Modules and their disappointing impact gets mentioned, too. Of course, the move from open systems to open source is next. The move to isolation, using virtualization and namespaces, and the inevitable discovery of containers comes after that.
We wrap up with some predictions of direction and possible disappointments in the future.
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and more audit systems than is really healthy. His involvement in Linux began with the Linux Security Module work at the turn of the century, introducing the Smack LSM in 2007. Casey is reworking the LSM infrastructure to support multiple concurrent modules. He has spoken at LCA, OLS, and many other venues.