Pavel Machek wrote on 08/17/2006 07:02:14 PM:
> Hi!
>
> > Documentation.
>
> No, I still do not understand how this is supposed to work.
Yes, the documentation definitely needs more work.
> > +In normal operation, the system seems to stabilize with a roughly
> > +equal mixture of SYSTEM, USER, and UNTRUSTED processes. Most
>
> So you split processes to three classes (why three?), and
> automagically move them between classes based on some rules? (What
> rules?)
>
> Like if I'm UNTRUSTED process, I may not read ~/.ssh/private_key? So
> files get this kind of labels, too? And it is "mozilla starts as a
> USER, but when it accesses first web page it becomes UNTRUSTED"?
Processes are not moved from one integrity level to another, but are
demoted when they read from a lower integrity level object. By
definition sockets, are defined as UNTRUSTED, so reading from a
socket demotes the process to UNTRUSTED. (Secrecy is a separate
attribute.) In the Mozilla example, /usr/bin/mozilla is defined as
SYSTEM, preventing any process with lesser integrity from modifying
it. 'level -s' displays the level of the current process or of a
given file. For example,
[zohar@L3X098X ~]$ level -s /usr/bin/mozilla
/usr/bin/mozilla
security.slim.level: SYSTEM PUBLIC
Both mozilla and firefox-bin are defined as SYSTEM, as soon as the
firefox-bin process opens a socket, the process is demoted to
UNTRUSTED.
I hope this answered some of your questions. We're working on
more comprehensive documentation, which we'll post with the next
release.
Mimi Zohar
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
