On Wed, 2004-10-13 at 11:20, Steve Coleman wrote:
> This does bring to mind a burning question I have always had regarding
> some applications such as Java where the binary itself is too open ended
> and whereas the compiled class files, script file, or data dictate what
> the runtime will do. I assume that many desktop environments (take your
> pick) will have some form of built-in scripting support. How does SELinux
> deal with these VMs? Are there any good docs online that discuss the
> problems and current solutions that these present? Do they get their
> security context from the script or data streams?

From the program/script. Transitions can occur on scripts (if they are
exec'd), but the caller domain needs to be trusted with respect to the new
domain (e.g. shedding permissions) in that case due to the lack of safety
in script execution.

Note that SELinux provides the necessary API to support userland policy
enforcers, so a userspace VMM can be modified to use that API to obtain
policy decisions to be applied to its internal abstractions which are not
directly visible to the OS itself. dbus and X (but unfortunately not the X
in Fedora yet) have been modified to use that API to enforce policy over
their abstractions. This allows for layered security, with the OS providing
process-level confinement and the higher level object managers refining
that control.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
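The userspace object-manager pattern described in the reply above, as an added illustration that is not code from the SELinux project, from dbus or X, or from the poster. The VM here is a toy: its object classes (vm_script, vm_heap, vm_socket), its permission bits, the type names such as guest_t and net_socket_t, the allow-rule table, and all vm_*/avc_* functions are constructed for this example. The in-program rule table stands in for the query a real object manager makes to the kernel's policy through libselinux (selinux_check_access() or the avc_has_perm() family), and the caller's context is passed in as a string where a real manager would obtain it from getcon() or getpeercon(). What the example shows is the structure: the VM labels abstractions the kernel cannot see, routes every operation on them through one check, caches access vectors, denies by default, and audits what it refuses.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Object classes the VM defines for its own abstractions, not OS objects. */
enum vm_class { VM_SCRIPT, VM_HEAP, VM_SOCKET, VM_NCLASS };

/* Permission bits within a class; an access vector is a mask of these. */
#define P_EXECUTE 0x1u
#define P_READ    0x2u
#define P_WRITE   0x4u
#define P_CONNECT 0x8u

static const char *class_name[VM_NCLASS] = { "vm_script", "vm_heap", "vm_socket" };

/* Constructed policy: allow <subject type> <target type>:<class> { perms }. */
struct rule { const char *scon, *tcon; enum vm_class cls; unsigned av; };
static const struct rule policy[] = {
    { "guest_t", "guest_script_t", VM_SCRIPT, P_EXECUTE },
    { "guest_t", "guest_heap_t",   VM_HEAP,   P_READ | P_WRITE },
    { "admin_t", "guest_script_t", VM_SCRIPT, P_EXECUTE | P_READ },
    { "admin_t", "admin_heap_t",   VM_HEAP,   P_READ | P_WRITE },
    { "admin_t", "net_socket_t",   VM_SOCKET, P_CONNECT },
};

/* Allowed access vector for (scon, tcon, cls). A real object manager asks the
 * kernel policy via libselinux (selinux_check_access()); this table is a stand-in. */
static unsigned policy_compute_av(const char *scon, const char *tcon, enum vm_class cls) {
    unsigned av = 0;  /* no matching rule => nothing allowed (deny by default) */
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].cls == cls && !strcmp(policy[i].scon, scon) && !strcmp(policy[i].tcon, tcon))
            av |= policy[i].av;
    return av;
}

/* Access vector cache in the spirit of libselinux's AVC: policy answers are
 * memoised per (scon, tcon, class) so the hot path does not re-query. */
#define AVC_SLOTS 32
struct avc_entry { char scon[64], tcon[64]; enum vm_class cls; unsigned av; bool used; };
static struct avc_entry avc[AVC_SLOTS];
static unsigned avc_hits, avc_misses;

static void avc_reset(void) { memset(avc, 0, sizeof avc); avc_hits = avc_misses = 0; }

static unsigned avc_lookup_av(const char *scon, const char *tcon, enum vm_class cls) {
    struct avc_entry *free_slot = NULL;
    for (int i = 0; i < AVC_SLOTS; i++) {
        if (!avc[i].used) { if (!free_slot) free_slot = &avc[i]; continue; }
        if (avc[i].cls == cls && !strcmp(avc[i].scon, scon) && !strcmp(avc[i].tcon, tcon)) {
            avc_hits++;
            return avc[i].av;
        }
    }
    avc_misses++;
    unsigned av = policy_compute_av(scon, tcon, cls);
    if (free_slot) {  /* cache full: still answer correctly, just uncached */
        snprintf(free_slot->scon, sizeof free_slot->scon, "%s", scon);
        snprintf(free_slot->tcon, sizeof free_slot->tcon, "%s", tcon);
        free_slot->cls = cls; free_slot->av = av; free_slot->used = true;
    }
    return av;
}

/* An internal VM object carrying a label the kernel never sees. */
struct vm_object { const char *name; const char *tcon; enum vm_class cls; };

/* The single choke point: every VM operation on a labelled object passes
 * through here first. scon is the caller's context, which a real manager
 * would take from getcon() or getpeercon() rather than a parameter. */
static bool vm_check_access(const char *scon, const struct vm_object *obj, unsigned requested) {
    unsigned allowed = avc_lookup_av(scon, obj->tcon, obj->cls);
    if ((allowed & requested) == requested)
        return true;
    /* Audit as the kernel AVC does: which bits were denied, for whom, on what. */
    fprintf(stderr, "avc: denied { 0x%x } for scontext=%s tcontext=%s tclass=%s obj=%s\n",
            requested & ~allowed, scon, obj->tcon, class_name[obj->cls], obj->name);
    return false;
}

/* A toy "script" is a list of operations; run it, skipping denied ones.
 * Returns how many operations were denied. */
struct vm_op { const struct vm_object *obj; unsigned perm; };

static int vm_run(const char *scon, const struct vm_op *ops, size_t nops) {
    int denied = 0;
    for (size_t i = 0; i < nops; i++) {
        if (!vm_check_access(scon, ops[i].obj, ops[i].perm)) { denied++; continue; }
        /* ...the VM would perform the operation here... */
    }
    return denied;
}

/* Constructed objects for the demonstration run. */
static const struct vm_object script = { "startup.js", "guest_script_t", VM_SCRIPT };
static const struct vm_object heap   = { "guest heap", "guest_heap_t",   VM_HEAP };
static const struct vm_object sock   = { "net socket", "net_socket_t",   VM_SOCKET };

/* A guest-labelled caller runs a script that uses its heap, then tries to
 * open a socket; returns the number of denied operations. */
static int demo_guest_run(void) {
    static const struct vm_op ops[] = {
        { &script, P_EXECUTE }, { &heap, P_WRITE }, { &heap, P_READ }, { &sock, P_CONNECT },
    };
    avc_reset();
    return vm_run("guest_t", ops, sizeof ops / sizeof ops[0]);
}

int main(void) {
    int denied = demo_guest_run();
    printf("guest run: %d operation(s) denied, avc hits=%u misses=%u\n", denied, avc_hits, avc_misses);
    return 0;
}
```

The point of the layering is visible in the denial line: the kernel only knows that one confined VM process opened a socket, while the object manager can refuse the guest script's connect and audit it against the script's own label. Swapping policy_compute_av() for a real libselinux call keeps the rest of the structure unchanged.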