Re: [redhat-lspp] Getting rid of multilevel objects
- From: LC Bruzenak <lenny bruzenak com>
- To: casey schaufler-ca com
- Cc: lspp-list <redhat-lspp redhat com>, Klaus Weidner <klaus atsec com>
- Subject: Re: [redhat-lspp] Getting rid of multilevel objects
- Date: Fri, 07 Jul 2006 22:22:12 -0500
On Fri, 2006-07-07 at 17:01 -0700, Casey Schaufler wrote:
...
> > >
> > > - MLS X11 servers
> >
> > People are working on this, but I'm not aware of
> > current plans to include
> > that in an evaluated configuration.
>
> It's always the first thing to go.
Yes, and what a shame that is.
The poorest labeled X demo beats the best demo without it.
Decision makers who have real need for MLS systems can understand SECRET
windows doing SECRET stuff; TOP SECRET windows doing TS stuff.
Add it in post-evaluation and the accreditors balk.
...
> >
> > Not quite, trusted programs ...
>
> Are decidedly uninteresting.
>
> > could have an override
> > capability which lets
> > them communicate anyway while still keeping that
> > functionality away from
> > ordinary users. The challenge is doing that cleanly
> > and safely in sshd
> > in combination with labeled networking...
>
> I claim that you can't do it and maintain
> the integrity of your MLS.
Casey, can you elaborate a bit on this assertion?
I agree it is not without risk but feel it may be acceptable given that
the trusted program should be well-behaved. Or does it open an exploit
potential?
LCB.
--
LC Bruzenak
lenny bruzenak com