From owner-freebsd-security Mon Sep 20 7:20: 9 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 9D1A0150AC for ; Mon, 20 Sep 1999 07:20:04 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id HAA58893; Mon, 20 Sep 1999 07:16:27 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199909201416.HAA58893@gndrsh.dnsmgr.net> Subject: Re: Real-time alarms In-Reply-To: <199909201021.OAA00729@paranoid.eltex.spb.ru> from "ark@eltex.ru" at "Sep 20, 1999 02:21:17 pm" To: ark@eltex.ru Date: Mon, 20 Sep 1999 07:16:26 -0700 (PDT) Cc: security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Hmmm, i think it is a good idea to have 2 kernel interfaces: > > 1) audit - one way communication system that lets kernel and possibly > some user processes to inform an audit daemon or whatever that something > important happened By definision a secure audit trail can only be generated by a secure code base, that pretty much precludes any user processes from being a source of data at this time. > 2) acl device that will provide 2-way communication to a daemon that will > allow or deny things to happen? This is no longer auditing, that would be under another thread, one about security control, and goes hand in hand with the proposal I tossed out about VMS like per process priviledges. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message