On Mon, Mar 28, 2005 at 10:05:58AM -0500, Ivan Gyurdiev wrote:
> > ah! What you want is /home/tom/.etc/ ?
>
> Something like that - yes.
Ok, that's a good idea.
> > Behind the scenes, the file is relabeled or moved into another
> > directory where mplayer can access it.
>
> How does this relate to the SElinux work to secure the X server?
Not at all. X doesn't come in here. There's no reason why I can't do
something similar in non-X environments.
> Should the desktop environment be trusted?
Everything is trusted - to a degree. Can I trust my desktop environment
to relabel one filetype to one other filetype? For a military system
the answer would be no, but for a desktop system I think that's a risk
we can take.
> .. so what you're saying is that nautilus (running as user_t, which has
> read access to the file in question, as well as appropriate relabel
> access), should determine its mime type, or use the DND target app, and
> associate a context with that, which the mime handler can play, then
> relabel file to that context (can't copy - what if it's huge?).... and
> do this for every mime handler I attempt to open it with?
You could do priviledge seperation and have a relabeling demon running
in the background.
There's a dozen ways to do it. I really don't care much about which
exactly is used. The point I'm adamant about is two-fold: a) no generic
directories accesable by anyone and their dog - b) explicit transfers
through user interaction are a good idea. Not everything should be
transparent. Firefox's "hey, you downloaded this .exe from the 'net,
you sure you really wanna run it?" is a _good_ idea.
--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@xxxxxxxxxxx>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
|
