On Wed, 2006-04-19 at 02:40 -0400, Kyle Moffett wrote:
> On Apr 18, 2006, at 21:48:56, Casey Schaufler wrote:
> > --- James Morris <[email protected]> wrote:
> >> With pathnames, there is an unbounded and unknown number of
> >> effective security policies on the system, as there are an
> >> unbounded and unknown number of ways of viewing the files via
> >> pathnames.
> >
> > I agree that for traditional DAC and MAC (including the flavors
> > supported by SELinux) inodes is the only way to go. SELinux is a
> > traditional Trusted OS architecture and addresses the traditional
> > Trusted OS issues.
>
> Perhaps the SELinux model should be extended to handle (dir-inode,
> path-entry) pairs. For example, if I want to protect the /etc/shadow
> file regardless of what tool is used to safely modify it, I would set
> up security as follows:
SELinux already provides a way to protect /etc/shadow, in a much
stronger way. It does require some library/application modifications
(already present in some distros) to preserve a different security label
on files containing shadow data than on files containing public passwd
data, but that is no different than the existing approach for preserving
different file modes on those files. It doesn't require the kernel to
deal with pathnames itself.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]