List: rsbac
Subject: Re: [rsbac] Login process
From: "Juan Espino" <jp.espino () gmail ! com>
Date: 2005-02-22 23:03:27
Message-ID: 007601c51932$ba2ba990$1401a8c0 () langoleer2
----- Original Message -----
From: "Amon Ott" <ao@rsbac.org>
To: "RSBAC Discussion and Announcements" <rsbac@rsbac.org>
Sent: Tuesday, February 22, 2005 11:29 AM
Subject: Re: [rsbac] Login process
> On Tuesday 22 February 2005 17:14, Juan Espino wrote:
> > In a normal Linux I understand (maybe I'm wrong) in a login process
> > the system checks /etc/passwd to authenticate the users. This
> > means that then a normal user happens to be root to be able to read
> > the file passwd to authenticate him.
>
> The login program runs with higher privileges. It only setuids to the
> uid after authentication.
>
> > My question is what happens in Linux with rsbac. For example I think
> > the file passwd must be a greatest sensitive label (e.g. TOP
> > SECRET), then what happens if a user with a label NO CLASSIFIED logs
> > into the system, how does the system check the identity of this user?
>
> The same: The login program runs with high privileges, setuids and
> thus loses the extra privileges.
>
> BTW, /etc/passwd must be readable for all users. The more interesting
> file is /etc/shadow, which contains the passwords.
>
> Amon.
Thanks a lot, Amon.
In the same way, don't you think that the SUID concept violates the
Bell & LaPadula model? I'm not very clear on that part. Do you know how they
did the operating systems certified B1 (or B2, B3, A1)? Thanks for any
comment.
_______________________________________________
rsbac mailing list
rsbac@rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac
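
The sequence described in the quoted reply (login runs privileged, then setuids once authentication has succeeded), sketched in C as an added example that is not part of the original message, of RSBAC or of any real login program. The names drop_privileges and ids_match are hypothetical, and the demo main drops to the caller's own IDs so it runs without root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE        /* setgroups() declaration on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the real and effective IDs both equal the given uid/gid, else 0. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Permanently become uid/gid. Call only after authentication succeeded.
 * Returns 0 on success, -1 if any step failed (the caller must then exit
 * instead of starting a shell with leftover privileges). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups and gid first, because after
     * setuid() the process no longer has the privilege to change them. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Never trust the return codes alone: confirm the resulting IDs. */
    if (!ids_match(uid, gid))
        return -1;
    /* A non-root target must not be able to get root back; this would
     * succeed if a saved set-user-ID of 0 had survived the drop. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the caller's own IDs. */
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)uid, (long)gid);
    return 0;
}
```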