Re: SELinux metadata protection

From: - Casey Schaufler (
Date: Thu Jan 05 2006 - 15:31:11 PST

> --- Stephen Smalley <sds@private> wrote:
> I donīt think so.  You would just argue that
> filenames are not separable
> objects in Unix/Linux, that they are part of the
> content of directory
> objects in Unix/Linux, and that MAC policy does
> control the ability to
> read directories based on their label.

Just so.

Strictly for its amusement value I have attached
the System Call Security Analysis document that
was the cornerstone for our 1995 B1 evaluation.
This document was published as part of the SGI
OB1 open source effort some years ago now, but
has gotten hard to find on the web. The relevence
to the topic at hand is the relationship between
file system objects, their names, their attributes,
and the system access control policy. Yes, I
know that CC ain't TCSEC. A similar document
was used for our CC LSPP/EAL3 evaluation of 2002,
but that document has not been made public.

Casey Schaufler

This archive was generated by hypermail 2.1.3 : Thu Jan 05 2006 - 15:30:40 PST