tech-security: Re: SE Linux vs SE NetBSD !!

Subject: Re: SE Linux vs SE NetBSD !!
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Travis H. <solinym@gmail.com>
List: tech-security
Date: 08/25/2006 17:51:27

On 8/25/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> Now let's look at your example.  Let's assume that some PHP script is
> writing that logfile entry.  That implies that it had the right security
> permissions to read the credit card number from some file

Sorry, the Credit Card number comes from a web form, that is, from the
network connection.  The rest of the argument is irrelevant because of this.

A PHP compromise can cull future CC# entries, but not past ones.
So, the system with MLS is forward secure.
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484