On Tue, 2006-04-18 at 18:48 -0700, Casey Schaufler wrote:
>
> --- James Morris <[email protected]> wrote:
>
>
> > With pathnames, there is an unbounded and unknown
> > number of effective
> > security policies on the system, as there are an
> > unbounded and unknown
> > number of ways of viewing the files via pathnames.
>
> I agree that for traditional DAC and MAC (including
> the flavors supported by SELinux) inodes is the
> only way to go. SELinux is a traditional Trusted OS
> architecture and addresses the traditional Trusted
> OS issues.
Hmmm..can't say that SELinux has been accused of being a "traditional
trusted OS architecture" before. Flask and TE aren't precisely
traditional. But it does preserve the key characteristics required to
support real MAC.
> But as someone demonstrated earlier, not everyone
> believes that an EAL makes them feel secure and that
> is what LSM is really all about, allowing people
> who don't care about Protection Profiles but who do
> care about security to do something about it. How
> many of you have lambasted me over the years because
> I bled Orange? If SELinux is the only "secure" Linux
> haven't the Orange Book/Common Criteria people proven
> right in the end?
This would be fine, if the technical approach were sound (not
necessarily the same as SELinux, but sound) and fit properly with the
LSM interface. But the path-based approach isn't technically sound, and
even if we were to assume that it was, it isn't even a good fit for the
LSM hook interfaces.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]