[redhat-lspp] Just noticed a problem with semanage/semodule and SELinux policy

Casey Schaufler casey at schaufler-ca.com
Fri Jan 26 20:01:30 UTC 2007

--- Darrel Goeddel <dgoeddel at trustedcs.com> wrote:

> The theory is that these files can contain the
> labels up to systemhigh.  The
> mere existence of the label is classified just like
> data having that label.

Prior evaluations have not been held to
this constraint. The existence of a container
is evidence of content, but does not disclose
that content. The existence of a name is
evidence of an object, but does not necessarily
disclose characteristics of the object.

Consider the pentagon. You know its name,
I know its name, and we both know it contains
classified information. It is not, even under
the Patriot Act, treason to shout "Pentagon"
in the international terminal at Dulles Airport.

Further, there is a long tradition of
obfuscation in the choice of "label" names,
including such well known examples as "tank"
and "bazooka".

Casey Schaufler
casey at schaufler-ca.com