Date: Mon, 13 Oct 1997 20:53:08 -0500 (CDT)
From: "Matthew D. Fuller"
To: Christopher Petrilli
cc: Brian Mitchell, Colman Reilly, Douglas Carmichael, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To: <199710132110.RAA29578@dworkin.amber.org>

On Mon, 13 Oct 1997, Christopher Petrilli wrote:

> >I'm fairly certain acl is _not_ a requirement in the dcl segment of c2.
> >acl is, after all, just another form of group control at its very base.
>
> It is not "mandatory," however the following paragraph excerpted from the
> TCSEC does make it clear that the existing group mechanism is NOT
> acceptable:
>
> "The access controls shall be capable of including or excluding access
> to the granularity of a single user."

I could be just being stupid here, but can't you do this by making
everyone a member of a group with their login ID, and them only as a
member and setting the file to (owner).user, mode 707, or something?
Wouldn't that give everyone but that person access to it?

Did anyone even follow that? Not too clear, is it...

> This exclusion part is what makes it very difficult. You must be capable
> of giving access to everyone BUT a specific user. While theoretically I
> guess you could do it by managing billions of separate groups, I think
> it would fail nonetheless because of practical enforcement concerns.
>
> Other than that, it's mostly documentation, and audit. I would really
> prefer to do an ACL extension to the file system, as I think it's useful
> as it is :-)
>
> Chris
>
> --
> | Christopher Petrilli        "That's right you're
> | petrilli@amber.org           not from Texas."

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| FreeBSD; the way computers were meant to be     |
* FreeBSD: turning PCs into workstations          *
| Windows: turning workstations into typewriters  |
* fullermd@futuresouth.com   :-}   Matthew Fuller *
| http://keystone.westminster.edu/~fullermd       |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
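
Added example, not part of the original message or of FreeBSD: a small Python model of the classic owner/group/other permission check, showing why the per-login-group trick with mode 707 shuts out exactly one user and where it stops working. The users alice, bob and carol, the function names and the omission of the superuser bypass are assumptions made for illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

@dataclass(frozen=True)
class File:
    owner: str
    group: str
    mode: int  # e.g. 0o707

def allowed(user, f, membership, want=R):
    """Classic UNIX check: exactly one class applies, first match wins.
    The superuser bypass is left out of this model (assumption)."""
    if user == f.owner:
        bits = f.mode >> 6          # owner triplet
    elif user in membership.get(f.group, frozenset()):
        bits = f.mode >> 3          # group triplet, even if "other" is wider
    else:
        bits = f.mode               # other triplet
    return (bits & 7) & want == want

def readers(f, membership):
    """All known users who can read f."""
    users = set().union(*membership.values()) | {f.owner}
    return {u for u in users if allowed(u, f, membership)}

def group_for_exclusion(excluded, membership):
    """Name of a group whose members are exactly `excluded`, else None."""
    target = frozenset(excluded)
    return next((g for g, m in membership.items() if m == target), None)

# Constructed sample data: one private group per login, as in the message.
MEMBERSHIP = {u: frozenset({u}) for u in ("alice", "bob", "carol")}
SHUT_OUT_BOB = File(owner="alice", group="bob", mode=0o707)
BOB_OWNS_IT = File(owner="bob", group="bob", mode=0o707)

if __name__ == "__main__":
    print(sorted(readers(SHUT_OUT_BOB, MEMBERSHIP)))   # bob is missing
    print(allowed("bob", BOB_OWNS_IT, MEMBERSHIP))     # owner bits win
    print(group_for_exclusion({"bob", "carol"}, MEMBERSHIP))
```

Excluding bob and carol together finds no usable group, so every distinct set of excluded users needs its own group with exactly those members, which is the management burden the quoted reply points to.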