Re: user flags in public temp space (was Re: chflags() [heads up

Wed, 11 Aug 1999 01:39:20 -0700 

>at level "Top Secret" you have what appears to be a different /tmp from when
>you are operating at level "unclassified".  As far as I can tell, it does
>actually keep the files in different directories.  I haven't really poked
>around at the raw disk level on one of these beasts though (which requires
>special privileges) so I can't guarantee it.

Heres what happens on Sun's Trusted Solaris (which is one implementation
of the CMW spec).

Under Trusted Solaris 1.x  (SunOS 4.1.x based)

/tmp/.MLD/0x??????   where 0x???? is the hex representation of the label
is the tmp dir where the actual files are held.  For each MLD (Multilevel
directory) there exists a subdir 0x????? for each label that has been "used"
in that dir.

Under Trusted Solaris 2.5.1 (Solaris 2.5.1/CDE 1.1 based)

/tmp/.MLD/.SLD.[0,1,2....]  where 0,1,2 is just a sequence number.

What happens is that the kernel intercepts the chdir() and knows which
subdir of the MLD to show the user.  If the program does pwd it is told
(in this case) /tmp not /tmp/.MLD/.....   It is possible to find out
the true location using the command mldrealpath (there is a corresponding
API call).

In Trusted Solaris 2.x the users home directory is actually an MLD as
well as all of the public areas such as /tmp, /var/tmp and certain
subdirectories of /var/spool.

Trusted Solaris has a special login addtion that looks for the existance
of either of .link_files or .copy_files in the users homedir and copys or
links the appropriate files/dirs into the other components of the MLD.  This
ensures that your .profile can be run regardless of which label the shell
is run at.  The master copies of such things are held in the users minimum
login label (specified in the nameservice).

>       You can definitely have two
>different files in different level /tmp directories with the same name.

True.  But note that most (if not all) current systems only do this
based on security label rather than user.

--
Darren J Moffat

Reply via email to