I think I've got it!
While a CGI-with-security-holes can be forced to "misbehave" for the invoking
user, if the CGI itself and all its configuration and static data are readonly
(enforced by MAC in the trusted OS) and data it modifies is handled as an
append-only transaction log (again enforced by MAC), then the trusted OS can
guarantee that subsequent users won't see behavior modified by the
interactions of the intruder. Gotcha! And _neat_!
I just wish that URL you posted for the "rsbac" stuff were reachable. Is a
mirror of that site? As far as I can tell, that host isn't running a daemon on
port 80.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
