Girish Mahajan (Editor)

Smack (software)

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Original author(s)
  
Casey Schaufler

License
  
GPL2

Operating system
  
Linux

Website
  
schaufler-ca.com

Smack (software)

Initial release
  
April 17, 2008 (2008-April-17)

Type
  
Computer security, Linux Security Modules (LSM)

Smack (full name: Simplified Mandatory Access Control Kernel) is a Linux kernel security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control (MAC) rules, with simplicity as its main design goal. It has been officially merged since the Linux 2.6.25 release, and was the main access control mechanism for the MeeGo mobile Operating System. It is also used to sandbox HTML5 web applications in the Tizen architecture, in the commercial Wind River Linux solutions for embedded device development, in Philips Digital TV products., and in Intel's Ostroâ„¢ OS for IoT devices.

Contents

Design

Smack consists of three components:

  • A kernel module that is implemented as a Linux Security Module. It works best with file systems that support extended attributes.
  • A startup script that ensures that device files have the correct Smack attributes and loads the Smack configuration.
  • A set of patches to the GNU Core Utilities package to make it aware of Smack extended file attributes. A set of similar patches to Busybox were also created. SMACK does not require user-space support.

    • Criticism

    Smack has been criticized for being written as a new LSM module instead of an SELinux security policy which can provide equivalent functionality. Such SELinux policies have been proposed, but none had been demonstrated. Smack's author replied that it would not be practical due to SELinux's complicated configuration syntax and the philosophical difference between Smack and SELinux designs.

    References

    Smack (software) Wikipedia
    (Text) CC BY-SA