List: selinux
Subject: Re: Domain transition -- enabling user_r in eklogin
From: Russell Coker <russell () coker ! com ! au>
Date: 2002-12-21 22:34:19
On Fri, 20 Dec 2002 21:07, Jesse Pollard wrote:
> > Are you sure that it's a good idea to make gpg a trusted program that can
> > over-ride MLS boundaries rather than have it merely be trusted to perform
> > the actions that the user requests of it?
>
> Not all boundaries - only the one protecting the gpg secret key. You have
> to trust some program somewhere, and this one would seem to be the minimum.

I probably should try out MLS.

> The only modifications I can think of are that it would NOT allow the key
> to be extracted IF it is providing output for a lower security level. I
> think it would be desirable to allow it to USE the key (for encryption,
> decryption, and signing), but not allow the key itself to get out of the
> application, nor allow the key to be replaced.

OK. This all sounds reasonable. Are you planning to do some coding on it?
I have no plans to ever do any gpg coding...

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page