From: selinux list <selinux_list@yahoo.it>
To: SELinux mailing list <selinux@tycho.nsa.gov>
Subject: about the safety problem in SELinux
Date: Wed, 14 May 2003 19:13:17 +0200 [thread overview]
Message-ID: <3EC2792D.1020209@yahoo.it> (raw)
I'm studying the well known ¨safety problem¨ stated the first time in an
old article by Harrison, Ruzzu, Ullman.
I know there exist lots of different security models that try to address
the problem of guarantee the safety of a protection system (in a few
words, a generic configuratrion of a protection system is said to be
safe if there is no leakage of any generic right from that
configuration; in other words there is no propagation of rights). Type
Enforcement should be safe for default. If I am not wrong it has been
demonstrated RBAC is not safe in general. There are some
constraint-oriented approaches which seems to be good in providing safety.
What about SELinux?
I know some of the people who subscribed this mail list are not sure
SELinux is safe. But in the Flask doc it's written the control over
right propagation is provided by ensuring that the security policy is
consulted every time an object has to be accessed (e.g. for every
security decision). Another thing that let me guess SELinux should be
safe is that almost everything is configured by TE (RBAC support is very
poor) and, above all, it is statically configured.
How could a subject acquire a right which is not granted by the security
policy?
It sounds to me it's trivial to say SELinux is safe but it's a
formidable task to configure the security policy in a way it can be
considered secure.
Is it right what I am thinking about or I am on the wrong way?
(I am developing a small tool for policy analisis purpose, for my
Graduate School Thesis, and if SELinux is safe it would be of more
value...)
Thank you and sorry if what I wrote is silly ;)
Giorgio
_________________________________________________________________
Il servizio Postemail sottopone tutti i documenti a una scansione
automatica antivirus con i programmi TREND MICRO.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2003-05-14 17:12 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-14 17:13 selinux list [this message]
[not found] ` <200305150539.40186.russell@coker.com.au>
[not found] ` <3EC2C366.5060901@yahoo.it>
2003-05-15 12:50 ` about the safety problem in SELinux Stephen Smalley
2003-05-15 16:31 ` slow application of contexts in devfs? Christopher J. PeBenito
2003-05-15 19:02 ` Stephen Smalley
2003-05-15 23:45 ` Russell Coker
2003-05-16 3:12 ` Christopher J. PeBenito
2003-05-16 5:13 ` Russell Coker
2003-05-16 11:40 ` Stephen Smalley
2003-05-17 17:05 ` Christopher J. PeBenito
2003-05-17 19:11 ` Russell Coker
2003-05-18 5:01 ` Christopher J. PeBenito
2003-05-19 12:37 ` Stephen Smalley
2003-05-19 11:39 ` Stephen Smalley
2003-05-19 13:10 ` Russell Coker
2003-05-19 14:35 ` Christopher J. PeBenito
2003-07-02 23:18 ` SE Linux mentioned in large Australian newspaper website Faye
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3EC2792D.1020209@yahoo.it \
--to=selinux_list@yahoo.it \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.