On Saturday 06 May 2006 19:23, Linda Walsh wrote: > IMO, common core utilities shouldn't be linking with specialized > libraries.
We already have many common core utilities linking with security libraries. This is how you make life easier for the end user. > Alternatively, maybe there should be a applications-security-module > API to abstract calls to a specific security policy. This was my goal. I was wondering if we could create a set of prompt tokens that could be used by ANY operating system. For example, there are a couple of OS that supports RBAC. So, regardless of the native implementation, they would have a similar need. > It seems poor practice to tie a specialized security policy into the general > versions of all application utilities, but I suppose this would > require much planning, cooperation and foresight. (Before anyone gets upset, none of this is directed at the bash people, its just a theoretical discussion.) Its not poor practice to make something usable for people. There is a large SE Linux community that we work with. Admittedly, it is mostly used on Linux, but it is being ported to FreeBSD. Adding decorations for a system admin to label the windows with is something any secure OS might aspire to. If, for example, there is a "role" in AppArmor, you might want a role on the prompt. For the moment, we are going the route of doing this via `id -Z`. But I thought there was a common problem across secure distributions that we could create a standard for. TSOL could link to its libraries, RHEL could link to libselinux, etc. I suppose this is the planning, cooperation, and foresight you spoke of. -Steve _______________________________________________ Bug-bash mailing list Bug-bash@gnu.org http://lists.gnu.org/mailman/listinfo/bug-bash
