> --- Stephen Smalley <sds@private> wrote: > I donīt think so. You would just argue that > filenames are not separable > objects in Unix/Linux, that they are part of the > content of directory > objects in Unix/Linux, and that MAC policy does > control the ability to > read directories based on their label. Just so. Strictly for its amusement value I have attached the System Call Security Analysis document that was the cornerstone for our 1995 B1 evaluation. This document was published as part of the SGI OB1 open source effort some years ago now, but has gotten hard to find on the web. The relevence to the topic at hand is the relationship between file system objects, their names, their attributes, and the system access control policy. Yes, I know that CC ain't TCSEC. A similar document was used for our CC LSPP/EAL3 evaluation of 2002, but that document has not been made public. Enjoy. ------------------------ Casey Schaufler casey@schaufler-ca.com 650.906.1780
This archive was generated by hypermail 2.1.3 : Thu Jan 05 2006 - 15:30:40 PST