Re: Supplemental Groups
--- Chris Wright <chrisw(a)osdl.org> wrote:
* Klaus Weidner (klaus(a)atsec.com) wrote:
...
> Since "subjects" are defined to be processes
(running on behalf of
> users), I'd consider them to be identified by the
PID, and the security
> attributes would be properties of the process but
not part of the
> identity. (A privileged process may change its own
security properties,
> and I'd think it would be weird if that would
correspond to a change of
> identity for that process.)
OK, I had always considered security attributes to
be part of the
identity. Thanks for clarification.
This audit trail does not contain sufficient
information to identify what security policy
was enforced on failure, nor does it provide
sufficient information to demonstrate an access
was in fact appropriate.
This may be an audit trail, but it ain't a
security audit trail! The fact that an event
occurred without the information about the
subject and the object is not sufficient for
any analysis. What is the point of this
exercise? Without the subject and object
security attributes, especially those used
to make the access in question, what is this
good for?
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com