Because you can't trust the programs you run to act as you expect. In most cases when you run programs they are authorised to do anything you can do. Malware and vulnerabilities in software can lead your programs to use your privileges to act maliciously.
How does it work?
FBAC-LSM is a security extension for Linux. It restricts programs based on the features that you want them to perform. You specify high level goals such as "Web Browser", some application-specific information (which can usually be automated), and then FBAC-LSM stops the programs from misbehaving.
What does the name mean?
FBAC-LSM (pronounced: Eff-back L.S.M.) is named after the security model FBAC and the LSM security framework. FBAC stands for Functionality-Based Application Confinement. The Linux Security Module (LSM) framework allows the Linux kernel to be extended with additional security features. An important component of FBAC-LSM is a Linux Security Module (LSM). FBAC-LSM also includes user-space tools. I realise the name FBAC-LSM is not catchy. One day it will probably be renamed.
Here are some key features of "FBAC-LSM":
· Limits the damage that software vulnerabilities or Trojan horses can cause by defining what programs are allowed to do.
· Restricts programs based on high level security goals using functionalities, which represents the authority to perform program features.
· Functionalities are reusable policy abstractions which are adapted for specific applications via parameters. Functionalities are also hierarchical (can contain other functionalities), so policy details can be encapsulated and policy is constructed using abstractions.
· Simultaneously provides Mandatory Access Controls and Discretionary Access Controls: administrators can configure policies which enforce application restrictions on users (MAC), and users can further confine applications to ensure the application is acting on their behalf (DAC).
· The policy manager provides a graphical interface which can step users through the process of creating new application policies.
· The policy manager can suggest functionalities, and can automate the process of specifying application details for parameters. This leaves users to specify high level goals, such as confirming which features the application should provide, and where the user stores certain resources which the program can access. For example, for the KWrite program, confirming that it is a File Editor, and specifying that you want it to be able to edit files in particular directories.
· Policy to restrict a program can usually be specified successfully without having to run the untrusted program.
· Unlike most application confinement schemes, it is not necessary for the person creating the application policy to vet every low-level action that a program performs.
· A learning mode which suggests extra privileges based on program activity is available. This can be used if the functionalities available do not provide the required privileges. Learning can occur either while enforcing policy or while policy is not in effect.
· The policy manager can be used to review policy in detail: --the policy for an application can be queried to test if the program will be allowed to access specific resources, --a list of all the low level privileges which a program will be allowed to access can be displayed, --the user can "drill down" through the hierarchical policy to view how functionalities which contain other functionalities grant privileges, --the way policy will be expressed on disk can be displayed, --or a high level description of a policy can be viewed.
· Mediates access to files and the network.