On Wed, 02 Nov 2005 12:10:42 EST, Steve Grubb said: > On Wednesday 02 November 2005 11:43, Matt Anderson wrote: > >Here are the four types that were required for Cups > > > > AUDIT_LABELED_EXPORT > > AUDIT_UNLABELED_EXPORT > > Just a generic question -- do we need to patch cat, cp, rsync, scp, star, ... > to have these, too? > > What if they do: > file=`cat secret` > echo $file > /mnt/unlabeled-device/file > > Would it be reasonable to expect the shell script trigger this event? If so, > would we need to patch all these apps or should this be done via kernel > mechanism? If catching this is reasonable...what about anything else like > perl, python, expect, etc. Presumably, that should be failed by SELinux or something as a violation of the appropriate MLS constraint - a process running at some level allowed to run 'cat secret' shouldn't be allowed to write to an unlabeled device. CUPS needs special handling because it acts as a proxy for the user, and also has to potentially deal with users in different security boxes, so it has to re-create much of the checking and labelling done by the operating system when it's the user acting directly. > I think we also need these: > > AUDIT_LABELED_IMPORT > AUDIT_UNLABELED_IMPORT We'll probably eventually need these, but not within the context of CUPS, unless there's a CUPS facility that can do such importing?
Description: PGP signature