On 8/25/06, matthew green <mrg@eterna.com.au> wrote:
> why do i need MLS?  the web server log file can be writeable
> but not readable by the web server user, given standard unix
> permission model.  what does MLS provide?

So he overwrites the entire file out of spite?

Now, you might be able to use attributes to allow append-only writing,
I'm not really sure, but it's a straw-man example.  I'm sure there are
more complicated examples, that require management of a lot of
pseudo-UIDs, which is fungible with MAC; the extent of the
fungibility is something I'm not expert enough to answer.

To emulate SELinux policies with Unix permissions, it requires a lot
of UIDs, and some of that policy is in /etc/passwd, and some of
that policy is in SUID programs, and some of that policy is in the
file system permissions and owners.  With SELinux it's almost
all in the policy file.  Sure, it may be macro-expanded to 50,000
rules on a typical system, but how many files do you have on your
file system?  What do your GUI tools for managing permissions
on every file in your file system look like?
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484