Re: RSBAC


From: ao@morpork.shnet.org (A. Ott)
Subject: Re: RSBAC
Date: 02 Nov 1998 21:12:00 +0100



## Message archived on 30.10.98
## Origin: /ao@ao.morpork.shnet.org

On 28 Oct 1998, A. Ott wrote:

> Hi Paul!

Hello again!

> > The per-user stuff is indeed configurable.  As far as per-process goes, I
> > would think that you could arrange some sort of MAC level "global"
> > virtual /tmp directory so that processes would see both their own
> > uid based /tmp and files from their particular MAC level, or some similar
> > scheme?
> 
> That's an interesting idea to mix both worlds and let each module handle  
> specific parts, but - what do we do if duplicate names exist? I think,  

For duplicates, I'd think the rule would be to allow the per-user entry 
to exist as the default.  Perhaps though, it's better to have programs 
specifically go to /tmp/user or some such structure for purposeful file 
sharing, or to treat TEMPDIR as a global /tmp and /tmp as a per-user temp 
(or vice versa).


> we'd have to stick to a per-user basis, and a setuid just switches and  
> that's it.
> 
> All modules must work independently, nothing must interfere with another  
> module. Security levels are MAC only and switching the dir would change  
> too much for the other models.

If we default to per-user and find the exceptions for per-machine, I 
think we can come up with a single solution.

> 
> Amon.
> 
> P.S.: Would you mind moving this discussion to the RSBAC mailing list?

I'd love to, but I was unable to subscribe from my home account :(  The 
name server seems strange, a direct lookup doesn't produce a result, but 
going to the authoritative nameservers and digging does.

Paul
-------------------------------------------------------------------------
Paul D. Robertson
gatekeeper@gannett.com

## CrossPoint v3.11 ##