[redhat-lspp] Getting rid of multilevel objects

[Casey Schaufler]

--- Klaus Weidner <klaus at atsec.com> wrote:

> It should be ok to use newrole on a local or serial
> console where the
> entire communication chain to the user can be
> relabeled sanely,

Thank heavens STREAMS isn't an issue.

You still have to worry about redirected
descriptors, device buffers (how much
memory in the terminal? Are the function
keys programmable?) and the like. How can
you be sure that "tee" has never been
invoked? Or strace?



Casey Schaufler
casey at schaufler-ca.com