From: Tom <tom@lemuria.org>
To: selinux@tycho.nsa.gov
Subject: Re: Cambridge Security Group talk
Date: Sat, 18 Jan 2003 04:45:55 +0100
Message-ID: <20030118044554.A19790@lemuria.org>
In-Reply-To: <200301180149.27476.russell@coker.com.au>; from russell@coker.com.au on Sat, Jan 18, 2003 at 01:49:27AM +0100

On Sat, Jan 18, 2003 at 01:49:27AM +0100, Russell Coker wrote:
> One issue that drew a number of comments from the audience was the length of
> security contexts and the amount of typing that it can involve. One audience
> member said "space in an Xterm is precious", another audience member
> mentioned having three servers without X that were not administered remotely
> (IE everything is done at the console without even an X based cut/paste
> facility).

One partial solution (for those of us using it) would be to make bash's
"tab complete everything" feature aware of security contexts. It's
already pretty powerful (e.g. on an scp it can tab-complete remote
paths, for many programs it can tab-complete commandline parameters,
etc.)

Another partial solution is aliases. For example, I have aliases for
ls --context and ps --context.

> Also an audience member asked me if it would be possible to run a machine with
> all files and processes UID=0, which was a strange co-incidence as I have
> been planning to do that for play machine ][ (but I may have mentioned it on
> a mailing list or something and the word may have got around). This idea
> seemed to get a lot of interest from the audience, who seemed to actually
> want to do it as a serious way of running a system (rather than as a fun
> demonstration of the power of SE Linux).

Well, essentially it would condense the current 2D matrix we have on
permissions back to a one-dimensional system, only along the other
axis.

It would definitely be interesting for embedded systems, consoles and
other stuff that doesn't really have very much of a user concept. For
example, the iPAQ distribution (familiar) runs everything as root
unless you install some add-on packages.

--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5