Re: Supplemental Groups
* Casey Schaufler (casey(a)schaufler-ca.com) wrote:
--- Chris Wright <chrisw(a)osdl.org> wrote:
> It's CAPP vs. useful ;-)
Then why bother?
Point being, 1) make sure it's compliant, 2) while we're at it, make
sure it's useful (for reasonable pain threshold).
> > This may be an audit trail, but it ain't a
> > security audit trail! The fact that an event
> > occurred without the information about the
> > subject and the object is not sufficient for
> > any analysis. What is the point of this
> > exercise? Without the subject and object
> > security attributes, especially those used
> > to make the access in question, what is this
> > good for?
>
> Most of these things are there, we're just
> identifying what's missing.
> I don't think anyone believes they aren't useful
> (however, we won't be
> tracking which bit gave access, that'd have to be
> deduced).
Why not? Other systems do it. Dickins, even
MicroSoft can do that!
Because it's a disruptive change that exceeds that pain threshold.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net