SELinux Mailing List
Re: Question on networking accesses
From: Casey Schaufler <casey_at_schaufler-ca.com>
Date: Mon, 21 May 2007 09:07:21 -0700 (PDT)
> On Monday, May 21 2007 9:48:52 am Casey Schaufler wrote:

How about if I throw out an example. The evaluation team loved this one back in '92.

I have a tic-tac-toe server that does little but maintain a tic-tac-toe board. It allows two connections, one for the "X" player and one for the "O" player. Player X invokes the tictacclient program, which sends a UDP packet to tictacserver. The client may be local or remote.

What access control decisions are made, where, and using what information? The decision may be different if it's seen as a write from tictacclient to tictacserver than if it's seen as a read from tictacclient by tictacserver. The decision may have another outcome entirely if the packet is treated as a named object that is created by tictacclient.

So, what should the creator of this tic-tac-toe system expect on an selinux system? Will the access decision be based on a write from the client, a read by the server, the attributes associated with a packet object, or something else entirely?

Historical MLS systems treated the access as a write by the client to the server (well, the server's socket) but the MLS rules typically limited the communications to matching labels. SELinux is much more likely to encounter a situation where the client might be able to write to the server but the server might not be allowed to read the client (or the other way around). It may matter if it is a read or a write.
Casey Schaufler
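The two independent decisions the message describes, written out as SELinux policy rules for the tic-tac-toe pair. This is an illustrative fragment added here, not code from the thread or from any shipped policy: the types tictacclient_t, tictacserver_t and tictac_port_t are assumed, node_t and netif_t are the reference policy's generic node and interface types, and the rules follow the classic (pre-SECMARK) network model in which the sender's send and the receiver's receive are checked separately, so either side can be denied on its own.

```selinux
# Assumed types: tictacclient_t, tictacserver_t (domains), tictac_port_t (UDP port).

# Side 1: the datagram leaving tictacclient is checked as a SEND by the client domain,
# against its own socket, the destination port type, the outgoing interface and node.
allow tictacclient_t self:udp_socket { create write sendto };
allow tictacclient_t tictac_port_t:udp_socket send_msg;
allow tictacclient_t netif_t:netif udp_send;
allow tictacclient_t node_t:node udp_send;

# Side 2: the same datagram arriving at tictacserver is checked again, as a RECEIVE by
# the server domain, with its own set of rules. Omitting any of these denies the read
# even though the client's send above was permitted (and vice versa).
allow tictacserver_t self:udp_socket { create read bind recvfrom };
allow tictacserver_t tictac_port_t:udp_socket { name_bind recv_msg };
allow tictacserver_t node_t:udp_socket node_bind;
allow tictacserver_t netif_t:netif udp_recv;
allow tictacserver_t node_t:node udp_recv;
```

A denial on either side shows up in the audit log as an AVC against that side's domain, which is how an administrator can tell a blocked write from a blocked read when a game silently stalls.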
Received on Mon 21 May 2007 - 12:07:29 EDT

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009