[rsbac] Login process

Juan Espino jp.espino at gmail.com
Wed Feb 23 00:03:27 CET 2005

----- Original Message ----- 
From: "Amon Ott" <ao at rsbac.org>
To: "RSBAC Discussion and Announcements" <rsbac at rsbac.org>
Sent: Tuesday, February 22, 2005 11:29 AM
Subject: Re: [rsbac] Login process

> On Dienstag 22 Februar 2005 17:14, Juan Espino wrote:
> > In a normal Linux I understand (maybe I'm wrong) in a login process
> the system checks /etc/passwd for authenticate the users.   This
> means that then a normal user happens to be root to be able to read
> the file passwd to authenticate him.
> The login program runs with higher privileges. It only setuids to the
> uid after authentication.
> > My question is what happen in Linux with rsbac.  For example I think
> the file passwd must  be a greatest sensitive label (e.g.  TOP
> SECRET), then what happen if a user with a label NO CLASSIFIED login
> into the system, how the system checks the identity of this user ?
> The same: The login program runs with high privileges, setuids and
> thus looses the extra privileges.
> BTW, /etc/passwd must be readable for all users. The more interesting
> file is /etc/shadow, which contains the passwords.
> Amon.

Thanks a lot Amon.

In the same way,  you do not think that the SUID concept violates the model
of Bell & Lapadula?.  I'm not very clear in that part,  you know how they
did the operating systems certified B1 (or B2,B3,A1)?, thanks for any

More information about the rsbac mailing list