Bugtraq mailing list archives

Re: user flags in public temp space (was Re: chflags() [heads up


From: darren.moffat () UK SUN COM (Darren J Moffat - Sun Enterprise Services UK)
Date: Tue, 10 Aug 1999 10:07:29 +0100


at level "Top Secret" you have what appears to be a different /tmp from when
you are operating at level "unclassified".  As far as I can tell, it does
actually keep the files in different directories.  I haven't really poked
around at the raw disk level on one of these beasts though (which requires
special privileges) so I can't guarantee it.

Here's what happens on Sun's Trusted Solaris (which is one implementation
of the CMW spec).

Under Trusted Solaris 1.x  (SunOS 4.1.x based)

/tmp/.MLD/0x??????   where 0x???? is the hex representation of the label
is the tmp dir where the actual files are held.  For each MLD (Multilevel
directory) there exists a subdir 0x????? for each label that has been "used"
in that dir.

Under Trusted Solaris 2.5.1 (Solaris 2.5.1/CDE 1.1 based)

/tmp/.MLD/.SLD.[0,1,2....]  where 0,1,2 is just a sequence number.

What happens is that the kernel intercepts the chdir() and knows which
subdir of the MLD to show the user.  If the program does pwd it is told
(in this case) /tmp not /tmp/.MLD/.....   It is possible to find out
the true location using the command mldrealpath (there is a corresponding
API call).

In Trusted Solaris 2.x the user's home directory is actually an MLD as
well as all of the public areas such as /tmp, /var/tmp and certain
subdirectories of /var/spool.

Trusted Solaris has a special login addition that looks for the existence
of either of .link_files or .copy_files in the user's homedir and copies or
links the appropriate files/dirs into the other components of the MLD.  This
ensures that your .profile can be run regardless of which label the shell
is run at.  The master copies of such things are held in the user's minimum
login label (specified in the nameservice).

      You can definitely have two
different files in different level /tmp directories with the same name.

True.  But note that most (if not all) current systems only do this
based on security label rather than user.

--
Darren J Moffat

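The mechanism described in the message above, as an added toy model (not Trusted Solaris code and not part of the original post): one visible directory such as /tmp hides a .MLD/.SLD.N component per label, pwd reports the visible path, an mldrealpath-style call reveals the true location, two files of the same name at different labels are distinct, selection is by label only (not by user), and the login addition replicates dotfiles listed in .copy_files or .link_files from the minimum-label component into the component of the label being logged in at. Labels as plain strings, sequence numbers allocated in first-use order, the class and method names, and the scratch-directory backing are all assumptions made here for illustration.

```python
"""Toy model of a Trusted Solaris 2.x multilevel directory (MLD).

Added illustration, not Trusted Solaris code.  Assumptions the post does
not state: labels are plain strings, .SLD.N numbers are handed out in
first-use order, and the hidden components are backed by a real scratch
directory so "same name, different file" can actually be exercised.
MultilevelDirectory, mld_realpath and login are hypothetical names.
"""
import os
import shutil
import tempfile


class MultilevelDirectory:
    """A directory whose visible path hides one component per label."""

    def __init__(self, visible_path):
        self.visible_path = visible_path            # what pwd reports, e.g. /tmp
        self.hidden = os.path.join(visible_path, ".MLD")
        self._sld = {}                              # label -> sequence number
        os.makedirs(self.hidden, exist_ok=True)

    def _component_path(self, label):
        return os.path.join(self.hidden, f".SLD.{self._sld[label]}")

    def component(self, label):
        """Return (creating on first use) the .SLD.N component for `label`."""
        if label not in self._sld:
            self._sld[label] = len(self._sld)       # next free sequence number
            os.makedirs(self._component_path(label), exist_ok=True)
        return self._component_path(label)

    def pwd(self, label):
        """What a process at `label` is told after chdir(visible_path)."""
        return self.visible_path

    def mld_realpath(self, label, name):
        """True location of <visible_path>/<name> for a process at `label`."""
        return os.path.join(self.component(label), name)

    def open(self, label, name, mode="r"):
        # Selection is by label only: every user at this label shares the file.
        return open(self.mld_realpath(label, name), mode)

    def read(self, label, name):
        with self.open(label, name) as f:
            return f.read()

    def login(self, min_label, label):
        """Model of the login addition: replicate names listed in .copy_files
        (copy) and .link_files (symlink) from the minimum-label component
        into the component for `label`, so .profile exists at every label."""
        src_dir, dst_dir = self.component(min_label), self.component(label)
        done = []
        if src_dir == dst_dir:
            return done
        for listing, action in ((".copy_files", shutil.copyfile),
                                (".link_files", os.symlink)):
            try:
                with open(os.path.join(src_dir, listing)) as f:
                    names = [ln.strip() for ln in f if ln.strip()]
            except FileNotFoundError:
                continue
            for name in names:
                src, dst = os.path.join(src_dir, name), os.path.join(dst_dir, name)
                if os.path.exists(src) and not os.path.lexists(dst):
                    action(src, dst)
                    done.append((listing, name))
        return done


def demo():
    """Exercise the model on constructed data; returns the observable facts."""
    with tempfile.TemporaryDirectory() as scratch:
        tmp = MultilevelDirectory(os.path.join(scratch, "tmp"))
        # Same name at two labels: two distinct files (constructed contents).
        with tmp.open("unclassified", "work.txt", "w") as f:
            f.write("unclassified data")
        with tmp.open("top_secret", "work.txt", "w") as f:
            f.write("top secret data")

        # Home directory as an MLD; master .profile lives at the minimum label.
        home = MultilevelDirectory(os.path.join(scratch, "home", "alice"))
        with home.open("unclassified", ".profile", "w") as f:
            f.write("export PATH=/usr/bin\n")
        with home.open("unclassified", ".copy_files", "w") as f:
            f.write(".profile\n")
        replicated = home.login("unclassified", "top_secret")

        return {
            "pwd_same": tmp.pwd("unclassified") == tmp.pwd("top_secret"),
            "real_paths_differ": (tmp.mld_realpath("unclassified", "work.txt")
                                  != tmp.mld_realpath("top_secret", "work.txt")),
            "sld_names": tuple(os.path.relpath(tmp.component(l), tmp.hidden)
                               for l in ("unclassified", "top_secret")),
            "contents": (tmp.read("unclassified", "work.txt"),
                         tmp.read("top_secret", "work.txt")),
            "replicated": replicated,
            "profile_at_ts": home.read("top_secret", ".profile"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file prints the facts the message describes: both labels see the same pwd, the real paths differ (.SLD.0 versus .SLD.1), the two work.txt files hold different data, and after login at top_secret the .profile copied from the minimum-label component is readable there. Because the key is the label alone, a second user at "unclassified" would resolve to the very same component, which is the point made at the end of the message.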