On Mon, Mar 28, 2005 at 10:05:58AM -0500, Ivan Gyurdiev wrote:
> > ah! What you want is /home/tom/.etc/ ?
>
> Something like that - yes.

Ok, that's a good idea.

> > Behind the scenes, the file is relabeled or moved into another
> > directory where mplayer can access it.
>
> How does this relate to the SELinux work to secure the X server?

Not at all. X doesn't come in here. There's no reason why I can't do
something similar in non-X environments.

> Should the desktop environment be trusted?

Everything is trusted - to a degree. Can I trust my desktop environment
to relabel one filetype to one other filetype? For a military system
the answer would be no, but for a desktop system I think that's a risk
we can take.

> .. so what you're saying is that nautilus (running as user_t, which has
> read access to the file in question, as well as appropriate relabel
> access), should determine its mime type, or use the DND target app, and
> associate a context with that, which the mime handler can play, then
> relabel file to that context (can't copy - what if it's huge?).... and
> do this for every mime handler I attempt to open it with?

You could do privilege separation and have a relabeling daemon running
in the background. There's a dozen ways to do it. I really don't care
much about which exactly is used. The point I'm adamant about is
two-fold:

a) no generic directories accessible by anyone and their dog -
b) explicit transfers through user interaction are a good idea.

Not everything should be transparent. Firefox's "hey, you downloaded
this .exe from the 'net, you sure you really wanna run it?" is a _good_
idea.

--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@xxxxxxxxxxx>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5