Date: Mon, 20 Sep 1999 11:05:01 -0600
Message-Id: <199909201705.LAA01318@mt.sri.com>
From: Nate Williams
To: ark@eltex.ru
Cc: freebsd@gndrsh.dnsmgr.net, security@FreeBSD.ORG
Subject: Re: Real-time alarms

> > >
> > > Hmmm, I think it is a good idea to have 2 kernel interfaces:
> > >
> > > 1) audit - one way communication system that lets the kernel and possibly
> > > some user processes inform an audit daemon or whatever that something
> > > important happened
> >
> > By definition a secure audit trail can only be generated by a secure
> > code base, that pretty much precludes any user processes from being
> > a source of data at this time.
>
> What about a "2-in-one" interface that could be accessed from kernel and
> from userspace but provides functions that will let the audit daemon
> know the difference? That can make things more flexible.

This is Robert's goal as well, but secondary to my goals.
But if/when it happens, I will argue for a completely different queue for
userland events, and not allow the userland events to get close to the
kernel events.

Nate