Re: missing avc message field names

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

From: Russell Coker <russell-YtRjSb8ePh30CCvOHzKKcA@public.gmane.org>
To: ewalsh-+05T5uksL2qpZYMLLGbcSA@public.gmane.org
Cc: Steve Grubb <sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Karl MacMillan <kmacmill-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	Steve G <linux_4ever-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>,
	selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org
Subject: Re: missing avc message field names
Date: Tue, 30 Jan 2007 23:25:09 +1100	[thread overview]
Message-ID: <200701302325.12726.russell@coker.com.au> (raw)
In-Reply-To: <45BE87E0.5090109-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>

On Tuesday 30 January 2007 10:48, Eamon Walsh <ewalsh-+05T5uksL2qpZYMLLGbcSA@public.gmane.org> wrote:
> there might be SELinux-enhanced e-mail clients,
> office applications, file managers in the future

Yes, we need all that.

There are some people interested in SE enhanced MUAs.

One issue is that SE-X is required for full functionality in this regard 
(let's assume for the sake of discussion that almost everyone who matters 
uses a GUI MUA).  Another issue is that the design of MUAs is tending towards 
greater integration with the desktop environment and larger more complex code 
bases.

I'm thinking of starting to attack this by developing a password sequestration 
system for MUAs.  The idea being that the MUA would run a SETGID program and 
request a POP connection, it would be returned a file handle for an 
authenticated connection but have no way of obtaining the password that was 
used.  This will offer significant security benefits in a non-SE environment 
and even better protection with SE Linux.  A compromised MUA would not be 
able to obtain a password list and send it to a hostile party (it would be 
able to proxy access to the POP server and to send copies of all stored 
messages).  Given the incidence of passwords being used for multiple 
functions this would significantly mitigate the risks of MUA based attacks.

The current situation is tending towards having an ever increasing amount of 
the practical system integrity dependant on the integrity of a single user 
account (in which all programs run with the same security context).

Getting upstream support for labelled email is going to be very difficult with 
the current client side security situation.

Now if we could just get web browsers to have their functionality split into 
multiple programs with different security contexts...

-- 
russell-YtRjSb8ePh30CCvOHzKKcA@public.gmane.org
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo-+05T5uksL2qpZYMLLGbcSA@public.gmane.org with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2007-01-30 12:25 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20070129185542.32977.qmail@web51502.mail.yahoo.com>
2007-01-29 19:22 ` missing avc message field names Eamon Walsh
     [not found]   ` <45BE4971.6090601-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2007-01-29 19:43     ` Karl MacMillan
2007-01-29 20:07       ` Eamon Walsh
2007-01-29 20:56   ` Steve Grubb
2007-01-29 21:16     ` Karl MacMillan
2007-01-29 22:49       ` Steve Grubb
2007-01-29 23:48         ` Eamon Walsh
     [not found]           ` <45BE87E0.5090109-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>
2007-01-30 12:25             ` Russell Coker [this message]
     [not found]         ` <200701291749.21897.sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2007-01-30 14:49           ` Karl MacMillan
2007-01-30 17:06             ` Joshua Brindle
2007-01-30 17:28               ` Valdis.Kletnieks
2007-01-30 18:45               ` Casey Schaufler
2007-01-30 17:42             ` Steve Grubb
2007-01-30 22:53             ` James Antill
     [not found]               ` <1170197588.3373.28.camel-pBdgC7Q4sO52KDkfy0k2sw@public.gmane.org>
2007-01-31  0:50                 ` Karl MacMillan
2007-01-31  5:29                   ` Joshua Brindle
     [not found]                     ` <45C02948.9090607-5TQdPaFcblfQT0dZR+AlfA@public.gmane.org>
2007-01-31 22:59                       ` Russell Coker
2007-02-01 11:40                         ` Steve Grubb

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200701302325.12726.russell@coker.com.au \
    --to=russell-ytrjsb8eph30ccvohzkkca@public.gmane.org \
    --cc=ewalsh-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
    --cc=kmacmill-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=linux_4ever-/E1597aS9LQAvxtiuMwx3w@public.gmane.org \
    --cc=selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org \
    --cc=sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox