posix mac
Ilmar S. Habibulin
ilmar at ints.ru
Wed Apr 14 04:02:58 GMT 1999
On Tue, 13 Apr 1999, Casey Schaufler wrote:
> > Tomorrow i read posix.1e mac chapter carefully. My opinion - posix mac
> > suxx. :(
> Oh, you hurt my feelings.
Sorry, i don't want to. ;-)))
> > It doesn't control sockets operations (maybe just because sockets
> > are not posix api?)
> That's correct. For sockets, you'll need the TSIX API. You can
> find that at http://www.tsig.org
Its very difficult task to implement sensivity labels in ip datagrams as
they are. :( I didn't read all docs there, but is suppose, that X wouldn't
work with that.
> > and it doesn't have access level decrement rule.
> There's very little policy defined in the Posix spec. There isn't
> supposed to be any, as vendor policies vary. Trix, for example,
> supports an integrity policy as well as a sensitivity policy.
Now we trying to implement posix. And sockets, as i know, is very wide
spread interface.
> > I know, that it is simply Bell-LaPadula model, but i suppose life is hard
> > without decresing. Any comments?
> While the Posix interfaces are heavily influenced by the B&L
> policy, they are not toady to it.
Ok, lets forget about decrement rule, but i think, that posix should
mention other possible system objects, like sockets, SysV IPC. Because if
i would follow posix, i'll make a BIG hole in security of the system.
Maybe i just missed explanetions about that? How should i manage with this
object?
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list