[rsbac] Login process
Juan Espino
jp.espino at gmail.com
Wed Feb 23 00:03:27 CET 2005
----- Original Message -----
From: "Amon Ott" <ao at rsbac.org>
To: "RSBAC Discussion and Announcements" <rsbac at rsbac.org>
Sent: Tuesday, February 22, 2005 11:29 AM
Subject: Re: [rsbac] Login process
> On Dienstag 22 Februar 2005 17:14, Juan Espino wrote:
> > In a normal Linux I understand (maybe I'm wrong) in a login process
> > the system checks /etc/passwd to authenticate the users. This
> > means that then a normal user happens to be root to be able to read
> > the file passwd to authenticate him.
>
> The login program runs with higher privileges. It only setuids to the
> uid after authentication.
>
> > My question is what happens in Linux with rsbac. For example I think
> > the file passwd must have the most sensitive label (e.g. TOP
> > SECRET), then what happens if a user with a label NO CLASSIFIED logs
> > into the system, how does the system check the identity of this user?
>
> The same: The login program runs with high privileges, setuids and
> thus loses the extra privileges.
>
> BTW, /etc/passwd must be readable for all users. The more interesting
> file is /etc/shadow, which contains the passwords.
>
> Amon.
Thanks a lot Amon.
In the same way, do you not think that the SUID concept violates the model
of Bell & LaPadula? I'm not very clear on that part. Do you know how they
did the operating systems certified B1 (or B2, B3, A1)? Thanks for any
comment.
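
The step described in the quoted reply above (login runs privileged, then setuids to the user after authentication), as an added example that is not code from login, RSBAC or either poster. The helper name `drop_privileges` and the target id 65534 are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from login or RSBAC): permanently switch the
 * calling process to uid/gid, as a login program does once the user has
 * authenticated. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) {              /* switching to root is not a drop */
        errno = EINVAL;
        return -1;
    }
    /* Order matters: supplementary groups and gid need privilege, so
     * they go first; setuid() last, because it gives that privilege up. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify instead of trusting return codes: the ids must match the
     * target, and an attempt to regain root has to fail. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed target: our own ids when unprivileged, 65534
     * ("nobody" on many systems) when started as root. */
    uid_t uid = getuid() ? getuid() : 65534;
    gid_t gid = getuid() ? getgid() : 65534;
    /* A real login would read /etc/shadow and check the password here. */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;                /* never start a shell still privileged */
    }
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

When the process is root, `setuid()` changes the real, effective and saved uid together, which is why the final `setuid(0)` check can confirm the drop is permanent.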