On Mon, 9 Aug 1999, Adam Morris wrote:
> The CMW machines (Compartmentalised Mode Workstation) has the
> concept of "multi level directories" These include such things as
> /tmp. When you are operating at level "Top Secret" you have what
> appears to be a different /tmp from when you are operating at level
> "unclassified".
The multilevel directory in CMW doesn't solve the per user problem; it
just enforces mandatory access control. If two processes are at
"UNCLASSIFIED", they are using the same /tmp, so this class of
problems still exists. It is still up to the app designer to be
careful about problems with /tmp.
Perhaps if each user had a unique sensitivity label (like use UID as
SL), then you'd get a per user /tmp, but I would imagine that would
create a lot of other usability problems (setting up dominance
relations would just suck!).
> As far as I can tell, it does actually keep the
> files in different directories. I haven't really poked around at
> the raw disk level on one of these beasts though (which requires
> special privileges) so I can't guarantee it. You can definitely
> have two different files in different level /tmp directories with
> the same name.
Yes, multilevel directories are separate directories. The system
hides a layer for you, so it's something like this:
/tmp/UNCLASSIFIED
/tmp/TOP_SECRET
/tmp/SECRET
..etc, with new levels being created as needed.
My knowlege is based on HP-UX's CMW product.
-James Pace
