On Thu, 24 Jan 2002 jmjonesat_private wrote:

> Thanks. This is a good answer to my concerns. The only remaining
> issue I have is how archeological or ported-from-other-operating systems
> products may achieve "unmoderated" or "moderated-appropriately" status
> under a restrictive module.
>
> Is there a standard way or must application designers write code to
> multiple situations?

This naturally depends on the security module, and there is no standard way defined by LSM. However, it doesn't have to require any application changes. In the "setuid root" example, you don't have to change the application in order to gain privileges, you just set the setuid root bit on the program. Likewise, type enforcing systems will typically let you set the type on the program (or otherwise mark it as an entrypoint) to indicate that it should be run in a given domain, and the policy can assign the necessary permissions to that domain.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
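The point made in the reply above, as an added example that is not part of the original message and not code from LSM or any security module: a toy model in which the credentials after exec are computed only from marks on the program file (the setuid bit, or a type label treated as a domain entrypoint), so the program itself is unchanged. The type names, domain names, permissions and the `/usr/sbin/legacyd` path are constructed for illustration.

```python
# Added illustration: a toy model, not the logic of any real kernel or module.
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class ProgramFile:
    path: str
    mode: int        # POSIX mode bits
    owner_uid: int
    te_type: str     # hypothetical type label set by the administrator

@dataclass(frozen=True)
class Creds:
    euid: int
    domain: str

# Constructed policy: (calling domain, file type) -> new domain.
# A file type is an entrypoint to a domain only if it is listed here.
TRANSITIONS = {("init_d", "legacyd_exec_t"): "legacyd_d"}
# Constructed permissions that the policy assigns to each domain.
ALLOW = {
    "init_d": {"read_config"},
    "legacyd_d": {"read_config", "bind_low_port"},
}

def exec_creds(caller: Creds, prog: ProgramFile) -> Creds:
    """Compute credentials after exec; the program's code is never consulted."""
    # Classic Unix rule: the setuid bit makes the owner's uid the effective uid.
    euid = prog.owner_uid if prog.mode & stat.S_ISUID else caller.euid
    # Type-enforcement rule: the file's type selects the new domain, but only
    # if the policy marks it as an entrypoint from the caller's domain.
    domain = TRANSITIONS.get((caller.domain, prog.te_type), caller.domain)
    return Creds(euid, domain)

def permitted(creds: Creds, permission: str) -> bool:
    """A permission is granted only if the policy assigns it to the domain."""
    return permission in ALLOW.get(creds.domain, set())

caller = Creds(euid=1000, domain="init_d")
# The same unmodified binary, before and after the administrator marks it.
unmarked = ProgramFile("/usr/sbin/legacyd", 0o755, 0, "bin_t")
marked = ProgramFile("/usr/sbin/legacyd", 0o4755, 0, "legacyd_exec_t")

if __name__ == "__main__":
    for prog in (unmarked, marked):
        c = exec_creds(caller, prog)
        print(oct(prog.mode), prog.te_type, "->", c, permitted(c, "bind_low_port"))
```

A caller in a domain with no transition rule for `legacyd_exec_t` keeps its own domain even when executing the marked file, which is what makes the entrypoint mark a policy decision rather than a property of the binary.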
This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 13:24:36 PST