[redhat-lspp] Objects
Steve Grubb
sgrubb at redhat.com
Mon Sep 19 22:19:44 UTC 2005
On Monday 19 September 2005 17:56, Janak Desai wrote:
> I wonder if we can get away by not enforcing MAC on keys and explaining that
> away in ST.

I don't want to "get away" with something. This work is going to be certified
over time by different accreditors that may have different interpretations
and on non-Red Hat distros. I would like to think we've done a complete job
when this is all done.

The fact of the matter is information can be exchanged by keys across process
boundaries and the information can be user defined. This roughly fits what
you can do with shared memory.

There may also be a need to restrict information flow for some sensitive keys
to make sure only the right processes get access and not a script running
from procmail under your account.

There are also requirements to audit any authentication mechanisms.

I think there are several reasons to make it "Object" status.

-Steve