OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Kill the DOG and win 100 000 DM
From: Jay Tribick (jay.tribickCARRIER1.NET)
Date: Fri Nov 10 2000 - 16:33:49 CST

Hi,

> To break it down:
>
> 1) When you connected from the internet you logged in as beaner. You network
> connection from the internet was automatically marked at a different level
> than TS ALL. This was probably Confidential User or something like that.
>
> 2) Your MAC level (Con User) will stay with your process and all its children
> no matter if you become another user or break a setuid program.

Lets say, for example, that there was an application running with an SL
that dominated the attacking users SL. This application has a remote-exec
hole (i.e by passing certain commands over the socket, one could cause the
application to system(3) or exec(3) another program) would the SL of the
program that was spawned be the SL of the attacking user, or the SL of
the application from which it was invoked?

(..assuming that the attack was performed by someone locally on the
machine telnetting to a port on the same box)

> 4) If your process tries to telnet to the local machine its label will be on
> the stream and will be used in setting up that network connection. This will
> cause your connection to be at exactly the same level you are at.

Does this assume that the application you're connecting too is label-aware,
or is it enforced regardless of the application? 

--
Regards,

Jay Tribick
Senior Systems Engineer
Carrier1
Voice: 	+44 207 531 3874