Re: user flags in public temp space (was Re: chflags() [heads up

[pace () NCAL VERIO COM (James E. Pace)]

On Mon, 9 Aug 1999, Adam Morris wrote:

> The CMW machines (Compartmentalised Mode Workstation) has the
> concept of "multi level directories"  These include such things as
> /tmp.  When you are operating at level "Top Secret" you have what
> appears to be a different /tmp from when you are operating at level
> "unclassified".

The multilevel directory in CMW doesn't solve the per user problem; it
just enforces mandatory access control.  If two processes are at
"UNCLASSIFIED", they are using the same /tmp, so this class of
problems still exists.  It is still up to the app designer to be
careful about problems with /tmp.

Perhaps if each user had a unique sensitivity label (like use UID as
SL), then you'd get a per user /tmp, but I would imagine that would
create a lot of other usability problems (setting up dominance
relations would just suck!).

> As far as I can tell, it does actually keep the
> files in different directories.  I haven't really poked around at
> the raw disk level on one of these beasts though (which requires
> special privileges) so I can't guarantee it.  You can definitely
> have two different files in different level /tmp directories with
> the same name.

Yes, multilevel directories are separate directories.  The system
hides a layer for you, so it's something like this:

/tmp/UNCLASSIFIED
/tmp/TOP_SECRET
/tmp/SECRET

..etc, with new levels being created as needed.

My knowlege is based on HP-UX's CMW product.

-James Pace