From owner-freebsd-security Tue Oct 14 12:37:47 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA12231
          for security-outgoing; Tue, 14 Oct 1997 12:37:47 -0700 (PDT)
          (envelope-from owner-freebsd-security)
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA12223
          for ; Tue, 14 Oct 1997 12:37:41 -0700 (PDT)
          (envelope-from narvi@haldjas.folklore.ee)
Received: from haldjas.folklore.ee (haldjas.folklore.ee [172.17.2.1] (may be forged))
          by haldjas.folklore.ee (8.8.6/8.8.4) with SMTP id WAA09860;
          Tue, 14 Oct 1997 22:37:28 +0300 (EEST)
Date: Tue, 14 Oct 1997 22:37:28 +0300 (EEST)
From: Narvi
To: "Christopher G. Petrilli"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

A big snip done to the cc: list. I hope no-one is offended.

On Tue, 14 Oct 1997, Christopher G. Petrilli wrote:

> On Tue, 14 Oct 1997, Brian Beattie wrote:
>
> > > I could be just being stupid here, but can't you do this by making
> > > everyone a member of a group with their login ID, and them only as a
> > > member and setting the file to (owner).user, mode 707, or something?
> > > Wouldn't that give everyone but that person access to it?
> > >
> > > Did anyone even follow that? not too clear, is it...
> >
> > Some people often read this requirement to mean that it must be possible
> > to set access rights on a file to exclude some arbitrary set of users. To
> > do this you need one group for each permutation of users. Technically
> > possible but infeasible. In fact I agree with your interpretation and I
> > believe so do the evaluators and most people in the INFOSEC community.
>
> According to the local NSA rep sitting down the hall, this is incorrect,
> and the INTENT is to allow for arbitrary groups to be excluded from an
> arbitrary number of files. While you're absolutely correct that in
> PRACTICE this would be ok on a system with a relatively small number of
> users, remember that the orange book deals with stand-alone systems, which
> traditionally have had large numbers of users. Obviously we can all do
> the permutation calculations even when we hit 100 users the theoretical
> problem is enormous.

So what? Just write a daemon which every user could talk to and which
would modify the groups file on behalf of them. It will need to have only
one additional file (where owners of the respective groups are stored) and
you suddenly have got all you are going to need. Better yet - implement it
as an fs :-)

>
> See my previous message about why we should evaluate ACL structures
> regardless of what we do in regards C2 certification.
>

Heh. ACL might be nice, but why if we can do it the way we have always
done (with groups) and achieve the same? Remember, in FreeBSD, both user
and group id-s are 32 bit.

> Chris
>

	Sander

There is no love, no good, no happiness and no future -
all these are just illusions.
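The group-based exclusion discussed in this thread (mode 707 with a deny group as the file's group, and a daemon that hands out such groups), as an added sketch that is not part of the original messages or of FreeBSD. The `GroupBroker` class, the `protect` helper, the user names and the gid range are all hypothetical; `unix_access` models the classic owner/group/other first-match check.

```python
# Added illustration; users, gids and the GroupBroker class are constructed.
from itertools import count

R, W, X = 4, 2, 1

def unix_access(user, user_groups, f, want):
    """Classic first-match check: owner bits, else group bits, else other bits."""
    if user == f["owner"]:
        bits = (f["mode"] >> 6) & 7
    elif f["group"] in user_groups:
        bits = (f["mode"] >> 3) & 7   # 0 under mode 707: group members are denied
    else:
        bits = f["mode"] & 7
    return bits & want == want

class GroupBroker:
    """Stand-in for the proposed daemon: one deny group per distinct user set."""
    def __init__(self, first_gid=10000):
        self.gid_of = {}      # frozenset(excluded users) -> gid
        self.members = {}     # gid -> frozenset(excluded users)
        self.owner_of = {}    # gid -> user who asked for it (the extra file)
        self._next = count(first_gid)

    def deny_group(self, requester, excluded):
        key = frozenset(excluded)
        if key not in self.gid_of:            # reuse a group for an identical set
            gid = next(self._next)
            self.gid_of[key], self.members[gid] = gid, key
            self.owner_of[gid] = requester
        return self.gid_of[key]

    def groups_for(self, user):
        """Group list a login session for `user` would have to carry."""
        return {g for g, m in self.members.items() if user in m}

def protect(broker, owner, excluded):
    """File record: mode 707, file group set to the deny group."""
    return {"owner": owner, "group": broker.deny_group(owner, excluded), "mode": 0o707}

if __name__ == "__main__":
    b = GroupBroker()
    f1 = protect(b, "alice", {"bob", "carol"})
    f2 = protect(b, "alice", {"bob"})
    for u in ("alice", "bob", "carol", "dave"):
        print(u, unix_access(u, b.groups_for(u), f1, R), unix_access(u, b.groups_for(u), f2, R))
    print("groups bob must carry:", len(b.groups_for("bob")))
```

Each distinct exclusion set that names a user adds one more entry to that user's group list, so both the group database and every affected user's membership list grow with the number of sets in use. The file owner always falls under the owner bits, so this scheme cannot exclude the owner.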