sds> I'm not clear on the latter claim.... in SELinux, we just deny
sds> the access when it isn't actually needed for operation, and
sds> dontaudit it to avoid noise in the audit log, so the process
sds> proceeds without contamination).

I was claiming that the Low-Water-Mark-style implementation of a taint-oriented strategy is more compatible with traditional UNIX than a demotion-free Biba-Strict-style implementation would be. I wasn't making any comparison with your current SELinux policy other than to say that the least-privilege strategy it uses is different from the taint-oriented strategy Low Water-Mark schemes use.

I'm not trying to talk you out of your preference for the least-privilege strategy. I'm just pointing out that SLIM seems to implement one of the few protection schemes not already covered by SELinux. Consequently, if you'd like to demonstrate the generality of the FLASK architecture or the LSM interface, I think SLIM deserves consideration.

- Tim Fraser
This archive was generated by hypermail 2.1.3 : Wed Nov 30 2005 - 05:40:44 PST