bug-bash

Re: Selinux bash prompt decorations


From: Chet Ramey
Subject: Re: Selinux bash prompt decorations
Date: Tue, 04 Apr 2006 16:43:16 -0400
User-agent: Thunderbird 1.5 (Macintosh/20051201)

Steve Grubb wrote:
> On Tuesday 04 April 2006 15:51, Chet Ramey wrote:
>> Are these values available to the user any other way -- say, through
>> environment or shell variables?
> 
> No, they aren't available this way.
> 
>> How about commands whose output may be assigned to shell variables?
> 
> Yes, they can be acquired in a number of ways. But what we are trying to do is
> set things up so that people using this in a classified environment have an 
> easy way to see what the session is running at. So, if you have multiple 
> terminals open, you can see one session running at public, another at 
> confidential, or another at secret. Or if they are running one window as 
> secadm role and another at sysadm role, they can easily tell which is which.
> 
> This is more of an idea about helping the user to see what security level each
> of these are running at. If, for example, they copy something from secret 
> window and paste into public window, that will likely cause an audit event to 
> be generated and security officers ask them what they were doing. If the user 
> knew the sessions were at different levels, they wouldn't have tried it. (The 
> security target assumes users are well behaved.)
> 
> Hope this helps explain what we are thinking about...

I had a pretty good idea about the motivation.  However, it introduces
dependencies on uncommon libraries, and does not have wide
applicability, so I am trying to figure out if it can be done using
existing mechanisms.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet )
                                       Live Strong.  No day but today.
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/
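
One way the "commands whose output may be assigned to shell variables" route discussed above could look, as an added example that is not from this thread or from bash itself. It assumes `id -Z` (coreutils built with SELinux support) prints the session context as user:role:type[:level]; the function names and SELINUX_TAG are hypothetical, and the sample context in the comments is constructed.

```bash
# Added example. Function names and SELINUX_TAG are hypothetical.
# A context looks like user:role:type[:level]; the level itself may
# contain ':' (constructed sample: staff_u:secadm_r:secadm_t:s0-s15:c0.c1023).

# Second field of the context: the role (secadm_r, sysadm_r, ...).
selinux_role() (
    rest=${1#*:}                     # drop "user:"
    printf '%s\n' "${rest%%:*}"      # keep up to the next ':'
)

# Everything after the third ':' is the MLS/MCS level; empty if absent.
selinux_level() (
    case $1 in
        *:*:*:*) rest=${1#*:}; rest=${rest#*:}; printf '%s\n' "${rest#*:}" ;;
    esac
)

# Build the prompt decoration; empty when there is no usable context
# (SELinux disabled, or an id without -Z support).
selinux_prompt_tag() (
    case $1 in
        *:*:*) ;;                    # at least user:role:type
        *) exit 0 ;;                 # nothing to show
    esac
    role=$(selinux_role "$1")
    level=$(selinux_level "$1")
    if [ -n "$level" ]; then
        printf '[%s %s] ' "$role" "$level"
    else
        printf '[%s] ' "$role"
    fi
)

# Recomputed before each prompt is drawn.
selinux_prompt_update() {
    SELINUX_TAG=$(selinux_prompt_tag "$(id -Z 2>/dev/null)")
}
PROMPT_COMMAND=selinux_prompt_update

# PS1 references the variable instead of embedding its text, so the
# context string is displayed but never re-parsed as prompt syntax.
PS1='${SELINUX_TAG}\u@\h:\w\$ '
```

Sourced from a bash startup file, this uses only existing shell mechanisms; the level is shown exactly as `id -Z` prints it.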



