
SELinux Mailing List

Re: Multiple contexts

From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Thu, 13 Jan 2005 11:03:23 -0500


On Wed, 2005-01-12 at 18:01, Luke Kenneth Casson Leighton wrote:
> yep - and the policy analysis tools would need to understand the
> new format.

It isn't a format issue; it is whether the policy is self-contained within the binary policy or whether it is distributed throughout the filesystem (and more generally, the set of all object attributes).

> 1) if someone does a "chcon -t F2 foobar" all bets would be off as
> far as static analysis is concerned.

Non-tranquility (ability to change the label on a subject or object) is an issue, but you can bound it statically in the policy, i.e. the policy can already ensure that F1 can never be relabeled to F2 or vice versa. If the policy allows F1 to be relabeled to F2 or vice versa, then that fact will also show up in an information flow analysis of the policy, without requiring examination of filesystem state. Also, some further controls over relabeling are coming in the MLS work.

> 2 ) even if they did chcon -t "F1,F2" foobar, you would still expect
> them to be doing that as an "interim" measure whilst they were
> testing something _pending_ formal analysis by putting that
> into the policy files.

If the mechanism allows it to happen at all, you can't make any guarantees without examination of the filesystem state.

> the analysis would need the macro-munging approach _anyway_ in
> order to "grok" the new syntax - an intermediate preprocessing
> stage that "notices" multiple-file-applications (including
> possibly expanding regexps!) and ending up with something
> like this:

No. The analysis tools operate on policy.conf or binary policy already; they don't care about the macros, nor should they. The raw policy.conf or binary policy tells the true story about possible information flow, and that is what we want to know.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


Received on Thu 13 Jan 2005 - 11:09:30 EST
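
The point about bounding relabeling statically, as an added example that is not part of the original message: a simplified Python check that reads allow rules from policy.conf text and lists which domains could relabel one type to another, without looking at filesystem state. The sample policy, the domain names and the type F3 are constructed; attributes, `self`, constraints and the filesystem `associate` check are not handled.

```python
import re
from collections import defaultdict

# Constructed policy.conf fragment: allow rules that name types directly.
SAMPLE_POLICY = """
allow admin_t F1:file { getattr relabelfrom };
allow admin_t F3:file { getattr relabelto };
allow test_t F1:file { read relabelfrom relabelto };
allow test_t F2:file relabelto;
allow { user_t guest_t } F2:file { read write };
"""

ID = r"(\{[^}]*\}|[^\s:;{}]+)"  # one identifier or a { set } of them
ALLOW_RE = re.compile(rf"^\s*allow\s+{ID}\s+{ID}\s*:\s*{ID}\s+{ID}\s*;", re.M)

def names(token):
    """Split 'x' or '{ x y }' into a set of names."""
    return set(token.strip("{}").split())

def relabel_pairs(policy_text, tclass="file"):
    """Map (old_type, new_type) -> domains allowed to perform that relabel.

    A domain can relabel old -> new only if it holds relabelfrom on the
    old type and relabelto on the new type for the object class.
    """
    frm, to = defaultdict(set), defaultdict(set)
    for src, tgt, cls, perms in ALLOW_RE.findall(policy_text):
        if tclass not in names(cls):
            continue
        granted = names(perms)
        for domain in names(src):
            if "relabelfrom" in granted:
                frm[domain] |= names(tgt)
            if "relabelto" in granted:
                to[domain] |= names(tgt)
    pairs = defaultdict(set)
    for domain, old_types in frm.items():
        for old in old_types:
            for new in to.get(domain, set()) - {old}:
                pairs[(old, new)].add(domain)
    return dict(pairs)

def can_relabel(policy_text, old, new, tclass="file"):
    """Sorted list of domains the policy lets relabel old -> new."""
    return sorted(relabel_pairs(policy_text, tclass).get((old, new), ()))

if __name__ == "__main__":
    for (old, new), doms in sorted(relabel_pairs(SAMPLE_POLICY).items()):
        print(f"{old} -> {new} permitted for {sorted(doms)}")
```
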
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service