Date: Tue, 14 Oct 1997 08:45:54 -0700 (PDT) From: Brian Beattie <beattie@stt3.com> To: "Matthew D. Fuller" <fullermd@futuresouth.com> Cc: Christopher Petrilli <petrilli@amber.org>, Brian Mitchell <brian@firehouse.net>, Colman Reilly <careilly@monoid.cs.tcd.ie>, Douglas Carmichael <dcarmich@mcs.com>, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: C2 Trusted FreeBSD? Message-ID: <Pine.GSO.3.95.971014084124.1809G-100000@durin> In-Reply-To: <Pine.BSF.3.96.971013205059.3769F-100000@shell.futuresouth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 13 Oct 1997, Matthew D. Fuller wrote: > On Mon, 13 Oct 1997, Christopher Petrilli wrote: > > > >I'm fairly certain acl is _not_ a requirement in the dcl segment of c2. > > >acl is, after all, just another form of group control at its very base. > > > > It is not "mandatory," however the following paragraph exerpted from the > > TCSEC does make it clear that the exisintg group mechanism is NOT > > acceptable: > > > > "The access controls shall be capable of including or excluding > > access > > to the granulairty of a single user." > I could be just being stupid here, but can't you do this by making > everyone a member of a group with their login ID, and them only as a > member and setting the file to (owner).user, mode 707, or something? > Wouldn't that give everyone but that persona ccess to it? > Did anyone even follow that? not too clear, is it... > Some people often read this requirement to mean that it must be possible to set access rights on a file to exclude some arbitrary set of users. To do this you need one group for each permutation of users. Techincally possible but infeasable. In fact I agree with your interpretation and I believe so do the evaluators and most people in the INFOSEC community.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.95.971014084124.1809G-100000>