From: Karl MacMillan <kmacmillan@tresys.com>
To: Chad Hanson <chanson@TrustedCS.com>
Cc: Luke Kenneth Casson Leighton <lkcl@lkcl.net>,
SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: dynamic context transitions - a seteuid parallel
Date: Mon, 01 Nov 2004 20:12:07 -0500 [thread overview]
Message-ID: <4186DEE7.9040900@tresys.com> (raw)
In-Reply-To: <36282A1733C57546BE392885C06185924D91F1@chaos.tcs.tcs-sec.com>
Chad Hanson wrote:
>Luke Kenneth Casson Leighton wrote:
>
>
>>what are the alternatives?
>>
>>
>>
>
>The alternatives are to overprivilege the application which is not
>acceptable or to rewrite all of the applications before they can be used on
>this new platform.
>
It is not clear to me how the application is not overprivileged already
if it is allowed to freely change between a privileged and unprivileged
domain. The application must be fully trusted with the maximum access
that it is granted. A misbehaving application will simply not drop
access (obviously). Additionally, it seems that from an analysis stand
point, these domains must be treated as equivalent and so it is not
clear how the argument can be made that this increases assurance.
Karl
>The latter is goal which can and should be achieved or
>time. Applications can streamlined and reorganized to fit into the modular
>framework and of cooperating applications. This is a considerable effort and
>major roadblock to utilizing SELinux and therefore Linux for these types of
>
>
>The other main roadblocks are already being addressed with Linux getting
>CAPP EAL3 and soon to be EAL4 certifications. Add LSPP and RBAC and you have
>Linux system suitable to address secure information sharing needs.
>
>-Chad
>
>
>
>>l.
>>
>>p.s. not that i actually understand MLS enough to understand
>>any answers
>>[yet] but i'm just encouraging people to bounce ideas.
>>
>>
>>
>>
>
>--
>This message was distributed to subscribers of the selinux mailing list.
>If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>the words "unsubscribe selinux" without quotes as the message.
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2004-11-02 1:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-11-01 22:37 dynamic context transitions - a seteuid parallel Chad Hanson
2004-11-02 0:43 ` James Morris
2004-11-02 16:31 ` Stephen Smalley
2004-11-02 1:12 ` Karl MacMillan [this message]
2004-11-02 12:49 ` Frank Mayer
2004-11-03 2:59 ` Russell Coker
2004-11-02 12:58 ` Frank Mayer
-- strict thread matches above, loose matches on Subject: below --
2004-11-01 19:28 Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4186DEE7.9040900@tresys.com \
--to=kmacmillan@tresys.com \
--cc=chanson@TrustedCS.com \
--cc=lkcl@lkcl.net \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.