From: Christoph Hellwig <hch@ns.caldera.de>
To: Stephen Smalley <sds@tislabs.com>
Cc: Casey Schaufler <casey@sgi.com>,
selinux@tycho.nsa.gov, linux-privs-discuss@sourceforge.net
Subject: Re: [Linux-privs-discuss] SELinux & Linux-privs projects
Date: Thu, 11 Jan 2001 19:59:32 +0100 [thread overview]
Message-ID: <20010111195932.C27591@caldera.de> (raw)
In-Reply-To: <Pine.SOL.3.95.1010111132105.23465e-100000@clipper.gw.tislabs.com>; from sds@tislabs.com on Thu, Jan 11, 2001 at 01:31:44PM -0500
On Thu, Jan 11, 2001 at 01:31:44PM -0500, Stephen Smalley wrote:
> > That's because those are the only operations POSIX systems
> > support! It's implicit in being a POSIX (DRAFT) standard.
>
> You can define distinct operations (permissions) in the
> mandatory security policy for distinct kernel services
> without altering the interfaces or behavior for discretionary
> access controls.
Sure you can. But Posix 1003.1e is designed to fit nicely into
a UNIX/Posix enviroment. And that's exactly why I like it.
> As discussed ad nauseum on the robust open source mailing list,
> Type Enforcement is desirable for its support for ensuring that
> applications are unbypassable and tamperproof, that processes
> with any sort of privileges cannot execute untrustworthy
> code, and for providing least privilege.
For this you have capabilities. Look at the allowed set in filesystem
capabilities. That's another fine part of Posix 1003.1e: it seperates
cleanly what does not belong together.
Christoph
--
Whip me. Beat me. Make me maintain AIX.
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2001-01-11 19:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-11 14:44 SELinux & Linux-privs projects Jeffry Smith
2001-01-11 15:20 ` Stephen Smalley
2001-01-11 16:41 ` Huagang Xie
2001-01-11 16:46 ` [Linux-privs-discuss] " Christoph Hellwig
2001-01-11 15:45 ` [Linux-privs-discuss] " Christoph Hellwig
2001-01-11 16:04 ` Stephen Smalley
2001-01-11 16:16 ` Christoph Hellwig
2001-01-11 16:48 ` Stephen Smalley
2001-01-11 17:35 ` Casey Schaufler
2001-01-11 18:31 ` Stephen Smalley
2001-01-11 18:56 ` (offtopic) " Andrew Morgan
2001-01-11 18:59 ` Christoph Hellwig [this message]
2001-01-11 20:54 ` Stephen Smalley
2001-01-12 0:25 ` [Linux-privs-discuss] " Casey Schaufler
2001-01-11 16:59 ` Stephen Smalley
2001-01-23 16:13 ` Robert Watson
-- strict thread matches above, loose matches on Subject: below --
2001-01-11 23:10 Jesse Pollard
2001-01-12 21:31 ` LA Walsh
2001-01-12 23:02 Jesse Pollard
2001-01-12 23:36 ` LA Walsh
[not found] <01011220390900.30390@tabby>
2001-01-16 20:15 ` LA Walsh
2001-01-16 22:00 Jesse Pollard
2001-01-17 0:30 ` LA Walsh
2001-01-17 15:22 Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010111195932.C27591@caldera.de \
--to=hch@ns.caldera.de \
--cc=casey@sgi.com \
--cc=linux-privs-discuss@sourceforge.net \
--cc=sds@tislabs.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.