Skip to content
This repository has been archived by the owner on Mar 28, 2023. It is now read-only.

Only Allow Process Execution from Specific Directories #17

Open
mike-myers-tob opened this issue Feb 26, 2020 · 0 comments
Open

Only Allow Process Execution from Specific Directories #17

mike-myers-tob opened this issue Feb 26, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@mike-myers-tob
Copy link
Contributor

mike-myers-tob commented Feb 26, 2020

Why

As a security engineer, I only want processes from specific directory paths to be approved and executed so that my team can prevent applications located in other directories on the device's hard drive from running.

Acceptance Criteria

  • Only allow processes from the /Applications/, /Downloads/, and /Desktop/ directories to be executed.
  • Allow security engineers to edit / manage the list of approved source directories

Dev Notes

E.g., "do not allow execution from Trash" (~/.Trash/)

Allow selective enforcement by executable path. Initially our enforcement will be scoped to the /Applications/ directory. (We know this comes with plenty of workarounds, but this is just the first phase).
We should be able to express something like:
{
“default_action”: “allow_all”,
“execution_rule”:
{ “type”: “path”, “path_prefix”: “/Applications/”, “action”: “enforce”}
}
Ability to specify configuration “types” based off of the relevant ESF metadata. In the example above “path” is a rule type which is associated with an action. Our immediate need is to be able to allow specific developer certificates.

@mike-myers-tob mike-myers-tob added enhancement New feature or request blocking Related to blocking logic and rules syntax labels Feb 26, 2020
@mike-myers-tob mike-myers-tob modified the milestones: Version 1.0, Version 1.1 Feb 26, 2020
@mike-myers-tob mike-myers-tob modified the milestones: Version 1.1, Minimum Viable Product Mar 13, 2020
@alessandrogario alessandrogario removed this from the Minimum Viable Product milestone Jun 8, 2020
@MatthewARinehart MatthewARinehart removed the blocking Related to blocking logic and rules syntax label Jun 8, 2020
@MatthewARinehart MatthewARinehart changed the title Blacklist and whitelist control of process executions, by executable file path Only Allow Process Execution from Specific Paths Jun 8, 2020
@MatthewARinehart MatthewARinehart changed the title Only Allow Process Execution from Specific Paths Only Allow Process Execution from Specific Directories Jun 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants