Downgrading labels
Ilmar S. Habibulin
ilmar at watson.org
Tue Mar 29 07:00:34 GMT 2005
On Sun, 27 Mar 2005, Robert Watson wrote:
> If you set a subject label with high, effective, and low labels identical,
> then there is no useful ability to relabel. However, you can use this
> mechanism to create daemons with limited privilege -- the ability to
> relabel solely between a limited set of compartments or levels, for
> example. This is a bit more granular than a single "is privileged" bit,
> and I think offers some useful benefits.
Robert, I know how your code works. I've just realized that there is some
covert channel if a user can develop their own apps and downgrade (for ex.) an MLS
label. He/she reads confidential data into the app's internal buffer, then
downgrades its MLS label and stores the data in some file. Now we have the same
confidential information, but its label is downgraded.
My question was -- is this a normal situation, and is it the automated system
developers'/administrators'/managers' responsibility to bar such behaviour?
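
The flow discussed in this message, as a toy Python model added here (not part of the original post and not TrustedBSD code): every individual access check passes, yet a subject whose range spans both levels carries data down across a relabel. The integer levels, class names and the `sticky_floor` option are assumptions for illustration; `sticky_floor` sketches one possible restriction (raising the range floor after a read) and is not taken from the page or from the TrustedBSD code.

```python
# Toy model of an MLS subject with a (low, effective, high) label range.
# Illustrative only: levels are plain integers, and the "sticky floor"
# restriction is a hypothetical mitigation, not TrustedBSD behaviour.

class Denied(Exception):
    pass

class Obj:
    def __init__(self, level, data=""):
        self.level, self.data = level, data

class Subject:
    def __init__(self, low, effective, high, sticky_floor=False):
        assert low <= effective <= high
        self.low, self.eff, self.high = low, effective, high
        self.sticky_floor = sticky_floor
        self.buffer = ""          # process memory: carries no label of its own

    def relabel(self, new_eff):
        # Relabeling is only permitted inside the subject's own range.
        if not (self.low <= new_eff <= self.high):
            raise Denied(f"relabel to {new_eff} outside [{self.low}, {self.high}]")
        self.eff = new_eff

    def read(self, obj):
        if self.eff < obj.level:  # no read up
            raise Denied("read up")
        self.buffer = obj.data
        if self.sticky_floor:     # remember the highest level ever read
            self.low = max(self.low, obj.level)

    def write(self, obj):
        if self.eff > obj.level:  # no write down
            raise Denied("write down")
        obj.data = self.buffer

def downgrade_flow(subject, secret, public):
    """Read high, relabel low, write low. True if the secret reached `public`."""
    try:
        subject.read(secret)
        subject.relabel(public.level)
        subject.write(public)
    except Denied:
        return False
    return public.data == secret.data
```
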