On Mon, 9 Aug 1999, Adam Morris wrote: > The CMW machines (Compartmentalised Mode Workstation) has the > concept of "multi level directories" These include such things as > /tmp. When you are operating at level "Top Secret" you have what > appears to be a different /tmp from when you are operating at level > "unclassified". The multilevel directory in CMW doesn't solve the per user problem; it just enforces mandatory access control. If two processes are at "UNCLASSIFIED", they are using the same /tmp, so this class of problems still exists. It is still up to the app designer to be careful about problems with /tmp. Perhaps if each user had a unique sensitivity label (like use UID as SL), then you'd get a per user /tmp, but I would imagine that would create a lot of other usability problems (setting up dominance relations would just suck!). > As far as I can tell, it does actually keep the > files in different directories. I haven't really poked around at > the raw disk level on one of these beasts though (which requires > special privileges) so I can't guarantee it. You can definitely > have two different files in different level /tmp directories with > the same name. Yes, multilevel directories are separate directories. The system hides a layer for you, so it's something like this: /tmp/UNCLASSIFIED /tmp/TOP_SECRET /tmp/SECRET ..etc, with new levels being created as needed. My knowlege is based on HP-UX's CMW product. -James Pace
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:53 PDT