From owner-freebsd-security  Mon Sep 20  7:27:47 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (ELTEX-2-SPIIRAS.nw.ru [195.19.204.46])
	by hub.freebsd.org (Postfix) with ESMTP id 941A4152A0
	for <security@FreeBSD.ORG>; Mon, 20 Sep 1999 07:26:25 -0700 (PDT)
	(envelope-from ark@eltex.ru)
Received: from yaksha.eltex.ru (root@yaksha.eltex.ru [195.19.198.2])
	by eltex.ru (8.9.3/8.9.3) with SMTP id SAA20307;
	Mon, 20 Sep 1999 18:26:01 +0400 (MSD)
Received: by yaksha.eltex.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Mon, 20 Sep 1999 18:23:45 +0400
Received: from undisclosed-intranet-sender id xma020649; Mon, 20 Sep 99 18:23:40 +0400
Date: Mon, 20 Sep 1999 18:24:01 +0400
Message-Id: <199909201424.SAA01652@paranoid.eltex.spb.ru>
In-Reply-To: <199909201416.HAA58893@gndrsh.dnsmgr.net> from ""Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>"
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Real-time alarms
To: freebsd@gndrsh.dnsmgr.net
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> said :

> > 
> > Hmmm, i think it is a good idea to have 2 kernel interfaces:
> > 
> > 1) audit - one way communication system that lets kernel and possibly
> > some user processes to inform an audit daemon or whatever that something
> > important happened
> 
> By definision a secure audit trail can only be generated by a secure
> code base, that pretty much precludes any user processes from being
> a source of data at this time.

What about "2-in-one" interface that could be accessed from kernel and
from userspace but provides functions that will let audit daemon to
know the difference? That can make things more flexible.

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN+ZDf6H/mIJW9LeBAQHvaAP+I3fW7+kp8v1f61zqsTl84FhwcBsXLKId
lNtbbIrhyZ+h96kxY1z+p1QVUuSAU5vNzgC5hLhRKkWO+dsWpAOvrb4Q02kyopM5
SFWTEY101GlOr+tmu7skr4Q3wfbaKdfOnbp8gOgzD81nH40LwjiZ5xrqwAkkNYy1
o015vJL0tyM=
=FHf+
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message