[redhat-lspp] /home at SystemHigh
LC Bruzenak
lenny at bruzenak.com
Fri Feb 24 18:35:56 UTC 2006
On Fri, 2006-02-24 at 13:13 -0500, schaufler-ca.com - Casey Schaufler
wrote:
> --- Klaus Weidner <klaus at atsec.com> wrote:
>
> > Something like the following sequence:
> >
> > - sysadmin starts adding user Joe
> >
> > - The new /home/joe/ starts out at SystemHigh
> >
> > - some other process puts a secret file into /home/joe/unimportant.txt
> >
> > - the final useradd step, or a later sysadmin action, downgrades
> >   /home/joe/ recursively to SystemLow, including the formerly top secret
> >   file
>
> The old crusty B1 systems that have been
> around since the 1980s have to deal with this.
> You could do worse than looking to see how
> they handled the issue rather than reinventing
> the solution over and over redundantly again.
>
>
As an old crusty guy who has been involved with those systems I had to
ask...
But basically what I get from Klaus's answer is that you are trying to
ensure that the administrative steps don't have exploitative (even
unintentional) "holes".
And I think that the example (though I realize it was for example's
sake) brings up a fundamental development concept:
Start with the correct level and the policy will protect you.
--
LC Bruzenak
lenny at bruzenak.com
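
The sequence quoted above and the "start with the correct level" point, as an added toy model (not code from this thread or from any LSPP component). It assumes a two-level lattice and a policy under which a process may create entries only in a directory at its own level; the class and function names are hypothetical.

```python
from enum import IntEnum


class Level(IntEnum):
    SYSTEM_LOW = 0
    SYSTEM_HIGH = 1


class Denied(Exception):
    """Raised when the modelled policy refuses an operation."""


class ToyFS:
    def __init__(self):
        self.labels = {}  # path -> Level

    def mkdir(self, path, level):
        self.labels[path] = level

    def create(self, proc_level, directory, name):
        # Assumed policy rule: adding an entry is a write to the directory,
        # and writes are only allowed at the process's own level.
        if proc_level != self.labels[directory]:
            raise Denied(f"{proc_level.name} process cannot write {directory}")
        path = f"{directory}/{name}"
        self.labels[path] = proc_level  # new file inherits the creator's level
        return path

    def relabel_tree(self, root, level):
        # Privileged recursive relabel; returns the paths it downgraded.
        downgraded = []
        for path, old in self.labels.items():
            if (path == root or path.startswith(root + "/")) and old > level:
                self.labels[path] = level
                downgraded.append(path)
        return sorted(downgraded)


def add_user(start_level, home="/home/joe"):
    """Replay the quoted sequence; return files whose data was downgraded."""
    fs = ToyFS()
    fs.mkdir(home, start_level)              # the new home directory
    try:                                     # another process, mid-useradd
        fs.create(Level.SYSTEM_HIGH, home, "unimportant.txt")
    except Denied:
        pass                                 # policy blocked the write
    downgraded = fs.relabel_tree(home, Level.SYSTEM_LOW)  # final useradd step
    return [p for p in downgraded if p != home]
```
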