Re: RSBAC


From: ao@morpork.shnet.org (A. Ott)
Subject: Re: RSBAC
Date: 02 Nov 1998 21:12:00 +0100



Hi Paul!

You wrote:

> On 27 Oct 1998, A. Ott wrote:
>
> > > I've been playing with DG/UX's B2 featureset.  One of the interesting
> > > things they do is per-context /tmp directories, so that one user's /tmp
> > > isn't another user's /tmp.  Quite an interesting approach, and I'll have
> > > to look more deeply at it to see where the problems lie.
> >
> > This idea was around here sometimes. I thought about configurable /tmp
> > replacements for different security levels. One problem: It must be a
> > module decision or a per-user/per-process solution (setuid???), otherwise
> > the whole underlying model gets broken.
>
> The per-user stuff is indeed configurable.  As far as per-process goes, I
> would think that you could arrange some sort of MAC level "global"
> virtual /tmp directory so that processes would see both their own
> uid based /tmp and files from their particular MAC level, or some similar
> scheme?

That's an interesting idea to mix both worlds and let each module handle  
specific parts, but - what do we do if duplicate names exist? I think
we'd have to stick to a per-user basis, and a setuid just switches and  
that's it.

All modules must work independently, nothing must interfere with another  
module. Security levels are MAC only and switching the dir would change  
too much for the other models.

Amon.

P.S.: Would you mind moving this discussion to the RSBAC mailing list?

--
## CrossPoint v3.11 ##