Date: Mon, 21 Jun 2004 21:00:24 -0400 From: Brian Fundakowski Feldman <green@FreeBSD.org> To: Tom Rhodes <trhodes@FreeBSD.org> Cc: trustedbsd-discuss@TrustedBSD.org Subject: Re: [REVIEW REQUEST]: New chapter on MAC (draft) Message-ID: <20040622010024.GB5470@green.homeunix.org> In-Reply-To: <20040511160225.1630f3ee@localhost> References: <20040510174918.146df71c@localhost> <20040511160225.1630f3ee@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 11, 2004 at 04:02:25PM -0400, Tom Rhodes wrote: > On Mon, 10 May 2004 17:49:18 -0400 > Tom Rhodes <trhodes@FreeBSD.org> wrote: > > Updated with comments from this list and a few in private. > > Check it out: > > > Check out the built chapter at: > > http://people.freebsd.org/~trhodes/mac/mac.html > > > > Check out the source at: > > http://people.freebsd.org/~trhodes/mac/chapter.sgml Very nice job! Here are my notes on what I've read: 1. In 11.4.1.1, a '/' is missing in the label setting. 2. In 11.4.2 "The Singlelabel" seems syntactically strange, as does "swap file system." 3. In 11.4.3, perhaps "sysctl -d security.mac" would be better. 4. The 11.10.1 section seems to end prematurely. 5. "Sensibility" should be "sensitivity" in 11.11. Why is the number "six thousand" specifically mentioned? 6. In 11.13, the behavior of auxiliary-labeled directories should be explained. Specifically, this allows creation of directories with one grade that allow objects, of the auxiliary grade, to be created in them -- sort of like "sticky directories." For exec, it results in something similar to "setuid execution." Let us know whjen you finish the next draft. -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040622010024.GB5470>