Re: Random Register Contents

Albert D. Cahalan (acahalan@cs.uml.edu)
Thu, 5 Nov 1998 15:17:58 -0500 (EST)


Andrej Presern writes:
> On Tue, 03 Nov 1998, Alan Cox wrote:

>>> Since in a UNIX system authority to access a filesystem is
>>> basically tied to an identity (a user's id), how exactly does
>>> Xenix prevent a process from leaking information through the
>>> filesystem (or any other means, it's the same issue anyway)
>>> to another process by the same user?
>>
>> B2 is tied to privilege levels and 'compartmentalisation' stuff.
>
> Could you please explain how those privilege levels are used to
> accomplish the above given task?

For Trusted Solaris at least:

Multilevel directories (MLDs) such as a typical home directory
can store data by sensitivity label in hidden subdirectories
called single-level directories (SLDs).

Only the files at your current sensitivity label are visible.

Your .bashrc file stored as /home/.MLD.username/.SLD.2/.bashrc
can be accessed as /home/username/.bashrc when your current
sensitivity label matches that of the .SLD.2 part of the path.

It is a bit like variable symlinks:
username --> .MLD.username/.SLD.${MSEN}
The MLD is a real directory though. (Digital Unix marks it with a
flag bit. Solaris might just use the configurable ".MLD." prefix.)
Appropriately privileged processes can specify the "fully adorned"
path to access files with other sensitivity labels. (It is not a
system priv like "write anything", but a range or set of sensitivity
labels associated with the process.) Users can't explicitly create
anything in a MLD, and would not be able to list all the SLDs.

mkdir(1) has a -M option to create a MLD.

The .SLD.* directories are created automatically. If you logged in
with a sensitivity label that you had never used before, you would
end up with a new /home/.MLD.username/.SLD.* directory.

The system supports regular unix directories, but you can only use
them from one sensitivity label. To solve that problem, at least /tmp
and $HOME have to be MLDs. MLDs always contain SLDs and nothing else,
but they appear to contain the contents of the SLD that matches your
current sensitivity label. An SLD can only be inside a MLD, so they
are a matched pair in a fully adorned path like /.MLD.tmp/.SLD.1 is.

Here is a huge URL that could be useful:
http://docs.sun.com:80/ab2/@Ab1CollToc?abcardcat=/safedir/space4
/pkgs/collections/ab1/SUNWtab/ab_cardcatalog

And another, specifically about directories:
http://docs.sun.com:80/ab2/@LegacyPageView?toc=SUNWab_175_2:
/safedir/space4/pkgs/collections/ab1/SUNWtab/toc/TRSOLDEV:
Page_199;bt=Trusted+Solaris+Developer%27s+Guide;ps=ps/SUNWab_175_2
/TRSOLDEV/08.Multilevel_Directories

And the intro to software development on Trusted Solaris:
http://docs.sun.com:80/ab2/@LegacyPageView?toc=SUNWab_175_2:
/safedir/space4/pkgs/collections/ab1/SUNWtab/toc/TRSOLDEV:
Contents;bt=Trusted+Solaris+Developer%27s+Guide;ps=ps/SUNWab_175_2
/TRSOLDEV/Contents

Trusted Solaris in general:
http://docs.sun.com:80/ab2/@TopicBrowse?topic=TSol251_C
