[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Selinux bash prompt decorations
|
From: |
Steve Grubb |
|
Subject: |
Re: Selinux bash prompt decorations |
|
Date: |
Tue, 4 Apr 2006 16:15:16 -0400 |
|
User-agent: |
KMail/1.9.1 |
On Tuesday 04 April 2006 15:51, Chet Ramey wrote:
> Are these values available to the user any other way -- say, through
> environment or shell variables?
No, they aren't available this way.
> How about commands whose output may be assigned to shell variables?
Yes, they can be acquired in a number of ways. But what we are trying to do is
set things up so that people using this in a classified environment have an
easy way to see what the session is running at. So, if you have multiple
terminals open, you can see one session running at public, another at
confidential, or another at secret. Or if they are running one window as
secadm role and another at sysadm role, they can easily tell which is which.
This is more of an idea about helping the user to see what security level each
of these are running at. If, for example, they copy something from secret
window and paste into public window, that will likely cause an audit event to
be generated and security officers ask them what they were doing. If the user
knew the sessions were at different levels, they wouldn't have tried it. (The
security target assumes users are well behaved.)
Hope this helps explain what we are thinking about...
Thanks,
-Steve Grubb