On Tuesday 04 April 2006 15:51, Chet Ramey wrote: > Are these values available to the user any other way -- say, through > environment or shell variables?
No, they aren't available this way. > How about commands whose output may be assigned to shell variables? Yes, they can be acquired in a number of ways. But what we are trying to do is set things up so that people using this in a classified environment have an easy way to see what the session is running at. So, if you have multiple terminals open, you can see one session running at public, another at confidential, or another at secret. Or if they are running one window as secadm role and another at sysadm role, they can easily tell which is which. This is more of an idea about helping the user to see what security level each of these are running at. If, for example, they copy something from secret window and paste into public window, that will likely cause an audit event to be generated and security officers ask them what they were doing. If the user knew the sessions were at different levels, they wouldn't have tried it. (The security target assumes users are well behaved.) Hope this helps explain what we are thinking about... Thanks, -Steve Grubb _______________________________________________ Bug-bash mailing list Bug-bash@gnu.org http://lists.gnu.org/mailman/listinfo/bug-bash