Date:      Tue, 14 Oct 1997 22:37:28 +0300 (EEST)
From:      Narvi <narvi@haldjas.folklore.ee>
To:        "Christopher G. Petrilli" <petrilli@amber.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: C2 Trusted FreeBSD? 
Message-ID:  <Pine.BSF.3.96.971014223301.9017B-100000@haldjas.folklore.ee>
In-Reply-To: <Pine.BSF.3.96.971014114946.2865E-100000@dworkin.amber.org>


A big snip done to the cc: list. I hope no-one is offended.

On Tue, 14 Oct 1997, Christopher G. Petrilli wrote:

> On Tue, 14 Oct 1997, Brian Beattie wrote:
> 
> > > I could be just being stupid here, but can't you do this by making
> > > everyone a member of a group with their login ID, and them only as a
> > > member and setting the file to (owner).user, mode 707, or something?
> > > Wouldn't that give everyone but that person access to it?
> > > Did anyone even follow that?  not too clear, is it...
> > 
> > Some people often read this requirement to mean that it must be possible
> > to set access rights on a file to exclude some arbitrary set of users.  To
> > do this you need one group for each permutation of users.  Technically
> > possible but infeasible.  In fact I agree with your interpretation and I
> > believe so do the evaluators and most people in the INFOSEC community.
> 
> According to the local NSA rep sitting down the hall, this is incorrect,
> and the INTENT is to allow for arbitrary groups to be excluded from an
> arbitrary number of files.  While you're absolutely correct that in
> PRACTICE this would be ok on a system with a relatively small number of
> users, remember that the orange book deals with stand-alone systems, which
> traditionally have had large numbers of users.  Obviously we can all do
> the permutation calculations even when we hit 100 users the theoretical
> problem is enormous.

So what? Just write a daemon, to which every user could talk to and which
would modify the groups file on behalf of them. It will need to have only
one additional file (where owners of the respective groups are stored)
and you suddenly have got all you are going to need. Better yet -
implement it as an fs :-)

> 
> See my previous message about why we should evaluate ACL structures
> regardless of what we do in regards C2 certification.
> 

Heh. ACL might be nice, but why if we can do it the way we have always
done (with groups) and achieve the same? Remember, in FreeBSD, both user
and group id-s are 32 bit.

> Chris
> 

	Sander

	There is no love, no good, no happiness and no future -
	all these are just illusions.




