From owner-freebsd-security Sun Jul 6 15:33:15 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA08957 for security-outgoing; Sun, 6 Jul 1997 15:33:15 -0700 (PDT)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA08950; Sun, 6 Jul 1997 15:33:10 -0700 (PDT)
Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45]) by agora.rdrop.com (8.8.5/8.8.5) with ESMTP id PAA20728; Sun, 6 Jul 1997 15:21:15 -0700 (PDT)
Received: from localhost (brian@localhost) by shell.firehouse.net (8.8.5/8.8.5) with SMTP id SAA13458; Sun, 6 Jul 1997 18:21:14 -0400 (EDT)
Date: Sun, 6 Jul 1997 18:21:13 -0400 (EDT)
From: Brian Mitchell
To: "Jonathan M. Bresler"
cc: "Jordan K. Hubbard" , careilly@monoid.cs.tcd.ie, adam@homeport.org, freebsd-security@FreeBSD.ORG
Subject: Re: Security Model/Target for FreeBSD or 4.4?
In-Reply-To: <199707062150.OAA07546@hub.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 6 Jul 1997, Jonathan M. Bresler wrote:

> Jordan K. Hubbard wrote:
> in a nutshell, the security model is
> "you must have permission to do something".
> the superuser (aka root: uid 0) can do anything.
> command audit trail (logging) is not provided.
> the holes have been in the implementation of that model.
> the source shows the implementation. which has been of greatly
> varying quality regarding security. ;(
> jmb
>

I'm not sure that's entirely correct - superuser, for instance, can not (with the exception of holes in various subsystems...) lower the securelevel. I'm not sure what you mean by command audit trail, but process accounting is available, and is pretty darned close to logging commands. Stuff like syscall level accounting such as available in Sun's BSM stuff is, unfortunately, not available presently.

Brian Mitchell
brian@firehouse.net
"BSD code sucks. Of course, everything else sucks far more." - Theo de Raadt