From: "Rodney W. Grimes"
Message-Id: <199909201436.HAA58981@gndrsh.dnsmgr.net>
Subject: Re: Real-time alarms
In-Reply-To: <199909201424.SAA01652@paranoid.eltex.spb.ru> from "ark@eltex.ru" at "Sep 20, 1999 06:24:01 pm"
To: ark@eltex.ru
Date: Mon, 20 Sep 1999 07:36:38 -0700 (PDT)
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

> nuqneH,
>
> "Rodney W. Grimes" said :
>
> > > >
> > > Hmmm, I think it is a good idea to have 2 kernel interfaces:
> > >
> > > 1) audit - one way communication system that lets kernel and possibly
> > > some user processes to inform an audit daemon or whatever that something
> > > important happened
> >
> > By definition a secure audit trail can only be generated by a secure
> > code base, that pretty much precludes any user processes from being
> > a source of data at this time.
>
> What about "2-in-one" interface that could be accessed from kernel and
> from userspace but provides functions that will let audit daemon to
> know the difference? That can make things more flexible.

First, the kernel does not access the daemon, the daemon accesses the
kernel. Second, nothing should preclude the daemon from accessing
anything else it wishes to, but trusting anything else would be
dangerous. Third, flexibility and security don't go well together.

The daemon clearly would know the difference about what it opened, so
that is not an issue. If we write an ``audit protocol'' it could be
spoken over any socket, so that is probably a good flexible approach.

-- 
Rod Grimes - KD7CAX - (RWG25)               rgrimes@gndrsh.dnsmgr.net
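
The point that the daemon knows the difference from what it opened can be shown in a few lines. This is an added example, not code from the thread or from FreeBSD; every name in it (audit_source, audit_read, demo_origin) is hypothetical, and a socketpair stands in for one audit channel.

```c
/* Added illustration, not FreeBSD code: all names here are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum origin { ORIGIN_KERNEL, ORIGIN_USER };

struct audit_source { int fd; enum origin origin; };  /* fixed when the daemon opens fd */
struct audit_record { enum origin origin; char text[128]; };

/* Read one datagram. The origin label is copied from the source the daemon
 * opened; nothing inside the payload can change it. */
int audit_read(const struct audit_source *src, struct audit_record *rec)
{
    ssize_t n = recv(src->fd, rec->text, sizeof(rec->text) - 1, 0);
    if (n < 0)
        return -1;
    rec->text[n] = '\0';
    rec->origin = src->origin;
    return 0;
}

/* Constructed demo: the peer end of a socketpair sends `payload`, the daemon
 * end reads it. Returns the label the daemon assigned, or -1 on error. */
int demo_origin(enum origin channel, const char *payload)
{
    int sv[2], rc = -1;
    struct audit_record rec;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    struct audit_source src = { sv[0], channel };
    if (send(sv[1], payload, strlen(payload), 0) >= 0 && audit_read(&src, &rec) == 0)
        rc = (int)rec.origin;
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    /* Constructed payload: a user process claims to be the kernel. */
    int o = demo_origin(ORIGIN_USER, "origin=kernel event=setuid uid=0");
    printf("labelled as %s\n", o == ORIGIN_KERNEL ? "kernel" : o == ORIGIN_USER ? "user" : "error");
    return o < 0;
}
```

The record's label depends only on the descriptor, so a payload that claims a kernel origin on the user channel is still recorded as user data.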