Re: RSBAC


From: ao@morpork.shnet.org (A. Ott)
Subject: Re: RSBAC
Date: 02 Nov 1998 21:12:00 +0100



## Message archived on 28.10.98
## Origin: /ao@ao.morpork.shnet.org

On 27 Oct 1998, A. Ott wrote:

> > I've been playing with DG/UX's B2 featureset.  One of the interesting
> > things they do is per-context /tmp directories, so that one user's /tmp
> > isn't another user's /tmp.  Quite an interesting approach, and I'll have
> > to look more deeply at it to see where the problems lie.
> 
> This idea was around here sometimes. I thought about configurable /tmp  
> replacements for different security levels. One problem: It must be a  
> module decision or a per-user/per-process solution (setuid???), otherwise  
> the whole underlying model gets broken.

The per-user stuff is indeed configurable.  As far as per-process goes, I 
would think that you could arrange some sort of MAC level "global" 
virtual /tmp directory so that processes would see both their own 
uid based /tmp and files from their particular MAC level, or some similar 
scheme?

Paul
-------------------------------------------------------------------------
Paul D. Robertson
gatekeeper@gannett.com
