Re: authentication / encryption key retention

From: Stephen Smalley
Date: Tue Aug 26 2003 - 11:28:44 EST

Next message: Valdis . Kletnieks: "Re: authentication / encryption key retention"
Previous message: J.A. Magallon: "Re: [PATCH] 2.4: always_inline for gcc3"
In reply to: Valdis . Kletnieks: "Re: authentication / encryption key retention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-08-26 at 06:12, David Howells wrote:
> > But some parts of the kernel might look at only the process-local keys
> > ("does this process have rights to do that?")
>
> Why? If a process has access to appropriate UID-level or GID-level keys, then
> surely it has the rights to do "that", even if it hasn't copied them into its
> process level keyring...

Because not every process that runs under your identity should have your
full set of rights. You should be able to confine a given process based
on more than just the associated user identity, e.g. the role and
clearance in which the user is operating, the function and
trustworthiness of the program that the process is executing, etc.
Otherwise, you have no protection against flawed or malicious programs
executed from any of your sessions.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: authentication / encryption key retention"
Previous message: J.A. Magallon: "Re: [PATCH] 2.4: always_inline for gcc3"
In reply to: Valdis . Kletnieks: "Re: authentication / encryption key retention"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]