Date:      Sun, 6 Jul 1997 17:14:11 -0700 (PDT)
From:      "Jonathan M. Bresler" <jmb>
To:        brian@firehouse.net (Brian Mitchell)
Cc:        jmb@FreeBSD.ORG, jkh@time.cdrom.com, careilly@monoid.cs.tcd.ie, adam@homeport.org, freebsd-security@FreeBSD.ORG
Subject:   Re: Security Model/Target for FreeBSD or 4.4?
Message-ID:  <199707070014.RAA13078@hub.freebsd.org>
In-Reply-To: <Pine.BSI.3.95.970706181825.13456A-100000@shell.firehouse.net> from "Brian Mitchell" at Jul 6, 97 06:21:13 pm

Brian Mitchell wrote:
> 
> On Sun, 6 Jul 1997, Jonathan M. Bresler wrote:
> 
> > Jordan K. Hubbard wrote:
> > 	in a nutshell,	the security model is 
> > 		"you must have permission to do something".
> > 		the superuser (aka root: uid 0) can do anything.
> > 		command audit trail (logging) is not provided. 
> > 	the holes have been in the implementation of that model.
> > 	the source shows the implementation.  which has been of greatly
> > 	varying quality regarding security. ;(
> > jmb
> > 
> 
> I'm not sure that's entirely correct - superuser, for instance, can not

	a nutshell is never entirely correct.
	securelevels were introduced in 4.4BSD, if i remember correctly.
	they are an innovation

> (with the exception of holes in various subsystems...) lower the
> securelevel. I'm not sure what you mean by command audit trail, but
> process accounting is available, and is pretty darned close to logging

	command logging is one example of the more rigorous control
	that some other systems have.  mind they are a royal pain.
	they remember every passwd you have used for xx months and 
	refuse all attempts to re-use them, while at the same time 
	expiring passwords every xx days.  but no one uses reusable 
	passwords anymore, right ;)

jmb

> commands. Stuff like syscall level accounting such as available in sun's
> bsm stuff is, unfortunately, not available presently.
