Re: [RFC][PATCH 2/3] SLIM - flaw or feature?

From: Tim Fraser (tfraser@private)
Date: Mon Nov 28 2005 - 18:34:11 PST


bo> There seems to be absolutely -no- user-level partitioning..
bo> ..this is -not- MAC..

It's MAC; it's just not the least-privilege-confinement style of Type
Enforcement you're probably used to.  Like the optional Multi-level
Security (MLS) features in SELinux, its purpose is to control the
explicit movement of data between different "levels" of the system.

Back in the 80's someone might have stood up and cried that the scheme
you described wasn't MAC because it didn't have a *-property.  ;^)

Please see my 19 November 2005 response to James Morris for an
explanation of how Low Water-Mark works.  It's similar to Perl
taint-mode.

- Tim Fraser


