* Casey Schaufler (casey(a)schaufler-ca.com) wrote:
--- Chris Wright <chrisw(a)osdl.org> wrote:
>
> OK, I had always considered security attributes to be part of the
> identity. Thanks for clarification.
This audit trail does not contain sufficient
information to identify what security policy
was enforced on failure, nor does it provide
sufficient information to demonstrate an access
was in fact appropriate.

It's CAPP vs. useful ;-)

This may be an audit trail, but it ain't a
security audit trail! The fact that an event
occurred without the information about the
subject and the object is not sufficient for
any analysis. What is the point of this
exercise? Without the subject and object
security attributes, especially those used
to make the access in question, what is this
good for?

Most of these things are there, we're just identifying what's missing.
I don't think anyone believes they aren't useful (however, we won't be
tracking which bit gave access, that'd have to be deduced).

thanks,
-chris
--
Linux Security Modules
http://lsm.immunix.org http://lsm.bkbits.net