| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 15 Jul 2006 16:54:51 +0000 From: Pavel Machek <pavel@...e.cz> To: Kylene Jo Hall <kjhall@...ibm.com> Cc: linux-kernel <linux-kernel@...r.kernel.org>, LSM ML <linux-security-module@...r.kernel.org>, Dave Safford <safford@...ibm.com>, Mimi Zohar <zohar@...ibm.com>, Serge Hallyn <sergeh@...ibm.com> Subject: Re: [RFC][PATCH 3/6] SLIM main patch Hi! > SLIM inherently deals with dynamic labels, which is a feature not > currently available in selinux. While it might be possible to > add support for this to selinux, it would not appear to be simple, > and it is not clear if the added complexity would be desirable > just to support this one model. (Isn't choice what LSM is all about? :-) > > Comments on the model: > > Some of the prior comments questioned the usefulness of the > low water-mark model itself. Two major questions raised concerned > a potential progression of the entire system to a fully demoted > state, and the security issues surrounding the guard processes. > > In normal operation, the system seems to stabilize with a roughly > equal mixture of SYSTEM, USER, and UNTRUSTED processes. Most > applications seem to do a fixed set of operations in a fixed domain, > and stabilize at their appropriate level. Some applications, like > firefox and evolution, which inherently deal with untrusted data, > immediately go to the UNTRUSTED level, which is where they belong. > In a couple of cases, including cups and Notes, the applications > did not handle their demotions well, as they occured well into their > startup. For these applications, we simply force them to start up > as UNTRUSTED, so demotion is not an issue. The one application > that does tend to get demoted over time are shells, such as bash. > These are not problems, as new ones can be created with the > windowing system, or with su, as needed. To help with the associated > user interface issue, the user space package README shows how to > display the SLIM level in window titles, so it is always clear at > what level the process is currently running. This -- or preferably some better explanation -- needs to go into Documentation somewhere. Is this supposed to protect my ~/.ssh/private_key from mozilla? How will it work in case such as ssh? It takes password / reads private key I care about, then communicates with remote server... > As mentioned earlier, cupsd and notes are applications which are > always run directly in untrusted mode, regardless of the level of > the invoking process. So I will not be able to print my private key? Pavel -- Thanks for all the (sleeping) penguins. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists