[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New Audit types



On Wed, 02 Nov 2005 12:10:42 EST, Steve Grubb said:
> On Wednesday 02 November 2005 11:43, Matt Anderson wrote:
> >Here are the four types that were required for Cups
> >
> > AUDIT_LABELED_EXPORT
> > AUDIT_UNLABELED_EXPORT
> 
> Just a generic question -- do we need to patch cat, cp, rsync, scp, star, ...
 
> to have these, too? 
> 
> What if they do:
> file=`cat secret`
> echo $file > /mnt/unlabeled-device/file
> 
> Would it be reasonable to expect the shell script trigger this event? If so, 
> would we need to patch all these apps or should this be done via kernel 
> mechanism? If catching this is reasonable...what about anything else like 
> perl, python, expect, etc.

Presumably, that should be failed by SELinux or something as a violation
of the appropriate MLS constraint - a process running at some level allowed
to run 'cat secret' shouldn't be allowed to write to an unlabeled device.

CUPS needs special handling because it acts as a proxy for the user, and also
has to potentially deal with users in different security boxes, so it has to
re-create much of the checking and labelling done by the operating system
when it's the user acting directly.

> I think we also need these:
> 
> AUDIT_LABELED_IMPORT
> AUDIT_UNLABELED_IMPORT

We'll probably eventually need these, but not within the context of CUPS, unless
there's a CUPS facility that can do such importing?

Attachment: pgpyRJBp8qpiX.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]