From: Colman Reilly
To: "Jonathan M. Bresler", freebsd-security@FreeBSD.ORG
Subject: Re: Security Model/Target for FreeBSD or 4.4?
Date: Mon, 07 Jul 1997 09:46:09 +0100

JMB says:

    in a nutshell, the security model is "you must have permission
    to do something". the superuser (aka root: uid 0) can do anything.
    command audit trail (logging) is not provided.

    the holes have been in the implementation of that model.
    the source shows the implementation. which has been of greatly
    varying quality regarding security. ;(

Sure, that's the thought underlying the security model, sort of, but it
fails to catch the whole intended behaviour, and certainly isn't complete
enough to help decide whether a piece of code preserves system security or
not, which is probably part of the problem. Implementors can't really be
sure whether or not their code is secure because it's not entirely obvious
what secure means.

Colman