Security model: Correct setup of ACLs for files and processes #13

DonatJR · 2018-04-30T16:35:45Z

Processes:
All processes that belong to the Shark Cage application must be executed with ACLs that disallow other processes to read or modify the process memory and that disallow injection of code into these applications.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684880(v=vs.85).aspx
Configuration Files:
All configuration files should at all times (creation, modification, retrieval, backup) be protected by suitable ACLs. The ACL should ensure that only the configuration application can modify the secure desktop configuration. Members of the Administrators group may read, but not modify, the configuration.
The ACL for a picture file should ensure that only the configuration application can modify the file and that only the cage service (and/or the cage labeller) can read the file. Members of the Administrators group must not be able to read the file.

DonatJR · 2018-06-13T18:58:52Z

~~I set up the correct ACLs in the manager and for the config creation, service is still missing as this is blocked by #21~~

See 3e967c9 for current changes

DonatJR · 2018-07-10T17:03:04Z

the corresponding PR #61 got merged, so I'm closing this

DonatJR added the ToDo label Apr 30, 2018

SailReal assigned DonatJR May 1, 2018

This was referenced May 30, 2018

ACLs for processes #35

Closed

ACLs for configuration files #34

Closed

This was referenced Jul 5, 2018

Start Configurator in cage #55

Closed

Usable changes from #21 #60

Merged

ACL Setup #61

Merged

DonatJR closed this as completed Jul 10, 2018

Provide feedback