Re: Open then gates

To: debian-devel@lists.debian.org
Subject: Re: Open then gates
From: Russell Coker <russell@coker.com.au>
Date: Fri, 21 May 2010 10:15:14 +1000
Message-id: <[🔎] 201005211015.14821.russell@coker.com.au>
In-reply-to: <[🔎] 201005151407.44725.robert@vhios>
References: <20091123233240.GB3498@rivendell> <[🔎] 1273924063.3180.105.camel@fermat.scientia.net> <[🔎] 201005151407.44725.robert@vhios>

On Saturday 15 May 2010 22:07:44 Robert Klotzner wrote:
> There is a reason why things like selinux are developed.

http://en.wikipedia.org/wiki/Discretionary_Access_Control
http://en.wikipedia.org/wiki/Mandatory_access_control

Yes.  The design of Unix permissions is based on the DAC principle, allowing 
users to mess up and disclose their own confidential data or other people's 
data that they are entrusted with is part of the design.

With a MAC system such as SE Linux you can deny users the ability to 
inappropriately share data.  With SE Linux in Squeeze you will be able to 
control file based sharing via category sets and/or by assigning users to 
different SE Linux identities.  For user A to read data from user B the users 
will need to have the same SE Linux identity and user A will need to have a 
"level" in the MCS system that is equal or superior to the level of user B.

One of many possible uses of MCS would be to have a category for each user in 
a group and have their manager/teacher/whatever have the set of all categories 
to enable reading all their files.  Of course that simplistic model would only 
work in an organisation with less than 1024 users.

Reply to:

References:
- Re: Open then gates
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Open then gates
  - From: Robert Klotzner <robert.klotzner@gmx.at>

Prev by Date: Re: APT do not work with Squid as a proxy because of pipelining default
Next by Date: Bug#582470: ITP: haskell-primitive -- Wrappers for primitive operations
Previous by thread: Re: Open then gates
Next by thread: Re: Open then gates
Index(es):
- Date
- Thread