Re: Summary of Informal SELinux Meeting on May 6, 2004

On Fri, 2004-06-04 at 04:03, Russell Coker wrote:
> On Fri, 4 Jun 2004 05:57, Luke Kenneth Casson Leighton <lkcl@xxxxxxxx> wrote:
> >  all in the same single monolithic daemon that bound itself
> >  to several different ports and several different unix domain
> >  sockets, you wouldn't seriously consider saying that "this
> >  hybrid is a trusted application" would you?
> 
> "trusted" in this context does not mean "the code is great and we can totally 
> trust it", but rather "due to the design of the system we have no choice but 
> to trust it as it can totally break the security if it has a problem".

Further point of clarification:  It only has to be trusted to maintain
separation of data for the security contexts it is allowed to access,
e.g. it might be allowed to access data from multiple user roles and
maintain their separation without being allowed to access administrator
or system files.  So the trust is not absolute; the OS is still
enforcing some degree of confinement over the application.

I think Frank Mayer of Tresys has previously suggested using
"trustworthy" vs. "trusted" to distinguish the cases noted by Russell.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
