Subject: Re: authentication / encryption key retention
From: Stephen Smalley <sds@epoch.ncsc.mil>
To: David Howells <dhowells@redhat.com>
Cc: Linus Torvalds <torvalds@osdl.org>, lkml <linux-kernel@vger.kernel.org>
In-Reply-To: <11490.1061892774@redhat.com>
References: <Pine.LNX.4.44.0308221044470.20736-100000@home.osdl.org>
	 <11490.1061892774@redhat.com>
Content-Type: text/plain
Organization: National Security Agency
Message-Id: <1061915194.23880.218.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
Date: 26 Aug 2003 12:26:35 -0400
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1125
Lines: 25

On Tue, 2003-08-26 at 06:12, David Howells wrote:
> > But some parts of the kernel might look at only the process-local keys 
> > ("does this process have rights to do that?")
> 
> Why? If a process has access to appropriate UID-level or GID-level keys, then
> surely it has the rights to do "that", even if it hasn't copied them into its
> process level keyring...

Because not every process that runs under your identity should have your
full set of rights.  You should be able to confine a given process based
on more than just the associated user identity, e.g. the role and
clearance in which the user is operating, the function and
trustworthiness of the program that the process is executing, etc. 
Otherwise, you have no protection against flawed or malicious programs
executed from any of your sessions.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/