From: ao@morpork.shnet.org (A. Ott)
Subject: Re: RSBAC
Date: 02 Nov 1998 21:12:00 +0100
Next Article (by Author): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Top of Thread: Re: RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
## Nachricht am 28.10.98 archiviert ## Ursprung: /ao@ao.morpork.shnet.org On 27 Oct 1998, A. Ott wrote: > > I've been playing with DG/UX's B2 featureset. One of the interesting > > things they do is per-context /tmp directories, so that one user's /tmp > > isn't another user's /tmp. Quite an interesting approach, and I'll have > > to look more deeply at it to see where the problems lie. > > This idea was around here sometimes. I thought about configurable /tmp > replacements for different security levels. One problem: It must be a > module decision or a per-user/per-process solution (setuid???), otherwise > the whole underlying model gets broken. The per-user stuff is indeed configurable. As far as per-process goes, I would think that you could arrange some sort of MAC level "global" virtual /tmp directory so that processes would see both their own uid based /tmp and files from their particular MAC level, or some similar scheme? Paul ------------------------------------------------------------------------- Paul D. Robertson gatekeeper@gannett.com ## CrossPoint v3.11 ## - To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Top of Thread: Re: RSBAC ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RSBAC ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]