bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Selinux bash prompt decorations


From: Steve Grubb
Subject: Re: Selinux bash prompt decorations
Date: Tue, 4 Apr 2006 16:15:16 -0400
User-agent: KMail/1.9.1

On Tuesday 04 April 2006 15:51, Chet Ramey wrote:
> Are these values available to the user any other way -- say, through
> environment or shell variables?

No, they aren't available this way.

> How about commands whose output may be assigned to shell variables?

Yes, they can be acquired in a number of ways. But what we are trying to do is 
set things up so that people using this in a classified environment have an 
easy way to see what the session is running at. So, if you have multiple 
terminals open, you can see one session running at public, another at 
confidential, or another at secret. Or if they are running one window as 
secadm role and another at sysadm role, they can easily tell which is which.

This is more of an idea about helping the user to see what security level each 
of these are running at. If, for example, they copy something from secret 
window and paste into public window, that will likely cause an audit event to 
be generated and security officers ask them what they were doing. If the user 
knew the sessions were at different levels, they wouldn't have tried it. (The 
security target assumes users are well behaved.)

Hope this helps explain what we are thinking about...

Thanks,
-Steve Grubb




reply via email to

[Prev in Thread] Current Thread [Next in Thread]