Re: [RFC][PATCH 3/6] SLIM main patch



Hi!


> SLIM inherently deals with dynamic labels, which is a feature not
> currently available in selinux. While it might be possible to
> add support for this to selinux, it would not appear to be simple,
> and it is not clear if the added complexity would be desirable
> just to support this one model. (Isn't choice what LSM is all about? :-)

> Comments on the model:
>
> Some of the prior comments questioned the usefulness of the
> low water-mark model itself. Two major questions raised concerned
> a potential progression of the entire system to a fully demoted
> state, and the security issues surrounding the guard processes.
>
> In normal operation, the system seems to stabilize with a roughly
> equal mixture of SYSTEM, USER, and UNTRUSTED processes. Most
> applications seem to do a fixed set of operations in a fixed domain,
> and stabilize at their appropriate level. Some applications, like
> firefox and evolution, which inherently deal with untrusted data,
> immediately go to the UNTRUSTED level, which is where they belong.
> In a couple of cases, including cups and Notes, the applications
> did not handle their demotions well, as they occurred well into their
> startup. For these applications, we simply force them to start up
> as UNTRUSTED, so demotion is not an issue. The one application
> that does tend to get demoted over time are shells, such as bash.
> These are not problems, as new ones can be created with the
> windowing system, or with su, as needed. To help with the associated
> user interface issue, the user space package README shows how to
> display the SLIM level in window titles, so it is always clear at
> what level the process is currently running.

This -- or preferably some better explanation -- needs to go into
Documentation somewhere.

Is this supposed to protect my ~/.ssh/private_key from mozilla?

How will it work in a case such as ssh? It takes password / reads
private key I care about, then communicates with remote server...

> As mentioned earlier, cupsd and notes are applications which are
> always run directly in untrusted mode, regardless of the level of
> the invoking process.

So I will not be able to print my private key?
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
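
Added example, not part of the original message or of the SLIM patch: a toy Python model of the low water-mark demotion discussed in the thread, using its SYSTEM/USER/UNTRUSTED levels. The read and write rules, the child-inheritance rule, and the sample scenario are assumptions made for illustration, not SLIM's kernel logic.

```python
from enum import IntEnum

class Level(IntEnum):
    """Integrity levels named in the thread, lowest first."""
    UNTRUSTED = 0
    USER = 1
    SYSTEM = 2

class Process:
    def __init__(self, name, level, force_untrusted=False):
        self.name = name
        # Assumed model of "force them to start up as UNTRUSTED":
        # the invoking process's level is ignored.
        self.level = Level.UNTRUSTED if force_untrusted else level
        self.history = [self.level]

    def read(self, obj_level):
        """Low water-mark rule (assumed): reading lower-integrity data
        demotes the reader to that data's level; it never goes back up."""
        if obj_level < self.level:
            self.level = obj_level
            self.history.append(self.level)
        return self.level

    def may_write(self, obj_level):
        """Assumed write rule: no writing to objects above the current level."""
        return obj_level <= self.level

    def spawn(self, name, force_untrusted=False):
        """Assumed: children inherit the parent's current (demoted) level."""
        return Process(name, self.level, force_untrusted)

def simulate():
    """Constructed scenario: a shell that drifts downward over time."""
    shell = Process("bash", Level.SYSTEM)
    shell.read(Level.SYSTEM)           # system config: no change
    shell.read(Level.USER)             # user's dotfiles: demoted to USER
    browser = shell.spawn("firefox")
    browser.read(Level.UNTRUSTED)      # network data: demoted at once
    printer = shell.spawn("cupsd", force_untrusted=True)
    shell.read(Level.UNTRUSTED)        # shell reads a downloaded file
    fresh = Process("bash-via-su", Level.USER)   # a newly created shell
    return {
        "shell_history": [lvl.name for lvl in shell.history],
        "browser": browser.level.name,
        "printer": printer.level.name,
        "old_shell_can_write_user_file": shell.may_write(Level.USER),
        "fresh_shell_can_write_user_file": fresh.may_write(Level.USER),
    }
```
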


