SELinux mailing list: Re: Multiple contexts
From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Thu, 13 Jan 2005 11:03:23 -0500
It isn't a format issue; it is whether the policy is self-contained within the binary policy or whether it is distributed throughout the filesystem (and more generally, the set of all object attributes).
> 1) if someone does a "chcon -t F2 foobar" all bets would be off as

Non-tranquility (ability to change the label on a subject or object) is an issue, but you can bound it statically in the policy, i.e. the policy can already ensure that F1 can never be relabeled to F2 or vice versa. If the policy allows F1 to be relabeled to F2 or vice versa, then that fact will also show up in an information flow analysis of the policy, without requiring examination of filesystem state. Also, some further controls over relabeling are coming in the MLS work.

> 2) even if they did chcon -t "F1,F2" foobar, you would still expect

If the mechanism allows it to happen at all, you can't make any guarantees without examination of the filesystem state.

> the analysis would need the macro-munging approach _anyway_ in

No. The analysis tools operate on policy.conf or binary policy already; they don't care about the macros, nor should they. The raw policy.conf or binary policy tells the true story about possible information flow, and that is what we want to know.

--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

Received on Thu 13 Jan 2005 - 11:09:30 EST
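The point Smalley makes, that the policy alone statically bounds which relabels are possible, can be checked directly from allow rules. The following is an added example (not code from the thread or from the SELinux tools) that parses a constructed policy.conf-style fragment and reports every type-to-type relabel a domain is permitted to perform; the type and domain names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed policy.conf-style fragment (sample input, not from the thread).
# A relabel of a file from type A to type B needs one domain that holds both
# relabelfrom on A and relabelto on B; no filesystem state is consulted.
POLICY_CONF = """
allow admin_t f1_t : file { relabelfrom };
allow admin_t f3_t : file { relabelto };
allow backup_t f2_t : file { relabelfrom relabelto };
allow user_t f1_t : file read;
"""

# Matches "allow src tgt : class { p1 p2 };" and the single-permission form.
ALLOW_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*(\{[^}]*\}|\w+)\s*;"
)


def parse_allow_rules(text):
    """Return {(source, target, class): set(permissions)} for each allow rule."""
    rules = defaultdict(set)
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        rules[(src, tgt, cls)].update(perms.strip("{}").split())
    return rules


def relabel_paths(rules, cls="file"):
    """All (domain, from_type, to_type) relabels the policy permits for cls."""
    can_from, can_to = defaultdict(set), defaultdict(set)
    for (src, tgt, c), perms in rules.items():
        if c != cls:
            continue
        if "relabelfrom" in perms:
            can_from[src].add(tgt)
        if "relabelto" in perms:
            can_to[src].add(tgt)
    # A relabel needs the same domain on both sides; same-type relabels are no-ops.
    return {(d, f, t) for d in can_from for f in can_from[d]
            for t in can_to.get(d, set()) if f != t}


def can_relabel(rules, from_type, to_type, cls="file"):
    """True if some domain may relabel a cls object from from_type to to_type."""
    return any(f == from_type and t == to_type
               for _, f, t in relabel_paths(rules, cls))


if __name__ == "__main__":
    for path in sorted(relabel_paths(parse_allow_rules(POLICY_CONF))):
        print("%s may relabel file %s -> %s" % path)
```

In the sample fragment no domain can move a file from f1_t to f2_t, so that bound holds regardless of what chcon is invoked at runtime; only admin_t's f1_t to f3_t relabel is reported.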
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009