--- Klaus Weidner <[EMAIL PROTECTED]> wrote:
> I don't think that it's a significant issue though for current LSPP
> configurations - any people who plan to use this please speak up if you
> disagree. The current LSPP configurations are for server systems,

A common deployment of an MLS system is the enormous compute "server", where users log in at various MLS values to process data, some of which is common, and some of which is not. Usually this means a network login, today typically using ssh. Rarely will a user need to log in at more than one MLS value, but it can (and has) happened that a user will have multiple valid MLS values. In some installations they will want to allow this over "unlabeled networks", and in some they will not.

> and require that local consoles (including serial consoles listed in
> /etc/securetty) are physically restricted to be accessible by admins
> only, and admins can still use newrole. This leaves only non-admin serial
> terminals, and I don't think those are that common these days.

Indeed!

> Of course, people deploying a system that's based on the LSPP
> configuration can choose to deviate from the evaluated configuration
> based on their own risk assessment. This could include restoring general
> access to "newrole" if they don't consider the PTY exploit to be a
> concern.

It might be best if you don't say that out loud.

Casey Schaufler
[EMAIL PROTECTED]

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
