On Mon, Oct 29, 2007 at 06:57:20PM -0400, Jeffrey Hutzelman wrote:
> On Monday, October 29, 2007 05:41:23 PM -0500 Nicolas Williams 
> <Nicolas.Williams at sun.com> wrote:
> 
> >We don't authenticate labels.  Label ranges are looked up
> >(getuserrange(), a private libtsol function that uses
> >getusername(3SECDB) to look up a user's clearance and min_label
> >attributes).
> 
> For user logins, sure.  I was thinking about a different problem, in which 
> you might have SSH channels labelled in an analogous way to, say, IP 
> traffic.  But that's a different project entirely.

That's also what I was thinking about.  A simple channel request would
suffice.  We don't need an RFC for that either (but we would want to get
one published).  The requested label has to be in the logged in user's
label range.  For a shell channel the label of the shell would be
zone_enter()ed into the requested label, if allowed.  Something similar
would be done for port forwarding.

> >In the GUI login case the user is asked which label in their label range
> >to run in.  There's no equivalent in SSHv2, but we could certainly add
> >one as an extension.
> 
> Yes, that would be a reasonable extension, though I'm not sure exactly how 
> I'd squeeze it into SSH.  I guess that depends in part on whether you want 
> to select a distinct label for each channel, or use one for the whole 
> connection (analogous to the GUI login case).

See above for one option.
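To make the channel-request option concrete, here is an added illustration (not code from this thread, Solaris Trusted Extensions, or any SSH implementation) of the server-side check it implies: a hypothetical private channel request type `label@example.invalid` carries the requested label as an SSH string, and the server accepts it only if the label lies within the logged-in user's [min_label, clearance] range under MAC dominance. The label syntax, classification ordering and request name are all constructed for the example.

```python
import struct
from dataclasses import dataclass

SSH_MSG_CHANNEL_REQUEST = 98            # RFC 4254 message number
LABEL_REQUEST = b"label@example.invalid"  # hypothetical private request type

@dataclass(frozen=True)
class Label:
    classification: int       # hierarchical level; higher dominates lower
    compartments: frozenset   # non-hierarchical categories

    def dominates(self, other):
        return (self.classification >= other.classification
                and self.compartments >= other.compartments)

def in_range(label, min_label, clearance):
    """True iff min_label <= label <= clearance under dominance."""
    return label.dominates(min_label) and clearance.dominates(label)

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

def parse_label(text):
    """Constructed toy syntax: 'SECRET:A,B' -> classification plus compartments."""
    cls, _, comps = text.partition(":")
    return Label(LEVELS[cls], frozenset(c for c in comps.split(",") if c))

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

def build_label_request(channel, label_text, want_reply=True):
    """Client side: encode the label as request-specific data."""
    return (struct.pack(">BI", SSH_MSG_CHANNEL_REQUEST, channel)
            + ssh_string(LABEL_REQUEST) + bytes([want_reply])
            + ssh_string(label_text.encode()))

def handle_channel_request(packet, min_label, clearance):
    """Server side: returns 'success', 'failure' or 'unknown' (like a
    CHANNEL_SUCCESS / CHANNEL_FAILURE reply for the request)."""
    msg, _channel = struct.unpack_from(">BI", packet)
    if msg != SSH_MSG_CHANNEL_REQUEST:
        return "unknown"
    off = 5
    (n,) = struct.unpack_from(">I", packet, off); off += 4
    rtype = packet[off:off + n]; off += n
    off += 1                                   # skip want_reply boolean
    (n,) = struct.unpack_from(">I", packet, off); off += 4
    label_text = packet[off:off + n].decode()
    if rtype != LABEL_REQUEST:
        return "unknown"
    if in_range(parse_label(label_text), min_label, clearance):
        return "success"                       # zone_enter() would follow here
    return "failure"
```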
