From owner-freebsd-security Tue Oct 14 08:54:10 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA25762 for security-outgoing; Tue, 14 Oct 1997 08:54:10 -0700 (PDT) (envelope-from owner-freebsd-security)
Received: from dworkin.amber.org (petrilli@dworkin.amber.org [209.31.146.74]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA25755 for ; Tue, 14 Oct 1997 08:54:04 -0700 (PDT) (envelope-from petrilli@amber.org)
Received: from localhost (petrilli@localhost) by dworkin.amber.org (8.8.7/8.8.7) with SMTP id LAA02491; Tue, 14 Oct 1997 11:53:55 -0400 (EDT)
Date: Tue, 14 Oct 1997 11:53:55 -0400 (EDT)
From: "Christopher G. Petrilli"
To: Brian Beattie
cc: "Matthew D. Fuller" , Brian Mitchell , Colman Reilly , Douglas Carmichael , freebsd-security@FreeBSD.ORG
Subject: Re: C2 Trusted FreeBSD?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 14 Oct 1997, Brian Beattie wrote:

> > I could be just being stupid here, but can't you do this by making
> > everyone a member of a group with their login ID, and them only as a
> > member and setting the file to (owner).user, mode 707, or something?
> > Wouldn't that give everyone but that person access to it?
> > Did anyone even follow that? not too clear, is it...
>
> Some people often read this requirement to mean that it must be possible
> to set access rights on a file to exclude some arbitrary set of users. To
> do this you need one group for each permutation of users. Technically
> possible but infeasible. In fact I agree with your interpretation and I
> believe so do the evaluators and most people in the INFOSEC community.

According to the local NSA rep sitting down the hall, this is incorrect,
and the INTENT is to allow for arbitrary groups to be excluded from an
arbitrary number of files.

While you're absolutely correct that in PRACTICE this would be ok on a
system with a relatively small number of users, remember that the Orange
Book deals with stand-alone systems, which traditionally have had large
numbers of users. Obviously we can all do the permutation calculations;
even when we hit 100 users the theoretical problem is enormous. See my
previous message about why we should evaluate ACL structures regardless of
what we do in regard to C2 certification.

Chris
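The two mechanisms argued over above, worked through as an added example that is not code from this thread or from FreeBSD: a small Python model of the classic Unix owner/group/other check (first matching class decides) beside a simplified POSIX.1e-style ACL check (named-user entries, mask entry omitted). It shows why the "file owned by the excluded user's private group, mode 707" trick excludes exactly one user, why excluding an arbitrary set S by the same trick needs a group holding exactly S (one group per subset in the worst case), and how an ACL does the same job with one entry per excluded user. All user names, group names and file records are made up for the illustration.

```python
"""Unix mode bits vs. ACL entries for excluding an arbitrary set of users."""

R, W, X = 4, 2, 1

# ---- Classic Unix: owner, then group, then other; first match decides ----

def unix_access(f, user, groups_of, want):
    """f = {'owner', 'group', 'mode'}; groups_of maps user -> set of groups.
    Returns True if 'user' holds every bit in 'want'."""
    if user == f["owner"]:
        bits = (f["mode"] >> 6) & 7
    elif f["group"] in groups_of.get(user, ()):
        bits = (f["mode"] >> 3) & 7        # group class wins over 'other'
    else:
        bits = f["mode"] & 7
    return bits & want == want


def exclude_via_group(owner, excluded, groups_of, group_name):
    """The mode-707 trick from the thread, generalised to a set: put exactly
    the excluded users in a group, make that the file's group, and give the
    group class no bits. Owner and everyone else get rwx via owner/other."""
    for u in excluded:
        groups_of.setdefault(u, set()).add(group_name)
    return {"owner": owner, "group": group_name, "mode": 0o707}


def groups_needed_for_any_exclusion(n_other_users):
    """If any subset of the other users might have to be excluded from some
    file, the trick needs one group per non-empty subset: 2**n - 1."""
    return 2 ** n_other_users - 1


# ---- Simplified POSIX.1e-style ACL (constructed model; mask omitted) ----
# acl is a list of (tag, qualifier, bits); tags: 'user', 'group', 'other'.
# qualifier None means the owning user / owning group.

def acl_access(f, user, groups_of, want):
    """Evaluation order: owner entry, named-user entry, any matching group
    entries (access if any one grants all bits), then other."""
    acl = f["acl"]
    if user == f["owner"]:
        bits = next(b for t, q, b in acl if t == "user" and q is None)
        return bits & want == want
    for t, q, b in acl:
        if t == "user" and q == user:
            return b & want == want      # a named entry decides, even if 0
    mine = groups_of.get(user, set())
    group_bits = [b for t, q, b in acl
                  if t == "group"
                  and ((q is None and f["group"] in mine) or q in mine)]
    if group_bits:
        return any(b & want == want for b in group_bits)
    other = next(b for t, q, b in acl if t == "other")
    return other & want == want


def exclude_via_acl(owner, excluded):
    """One zero-permission named-user entry per excluded user; no groups."""
    acl = [("user", None, R | W | X)]
    acl += [("user", u, 0) for u in sorted(excluded)]
    acl += [("group", None, 0), ("other", None, R | W | X)]
    return {"owner": owner, "group": owner, "acl": acl}


if __name__ == "__main__":
    groups = {}
    f1 = exclude_via_group("alice", {"bob"}, groups, "bob")
    print("bob reads f1:", unix_access(f1, "bob", groups, R))       # False
    print("carol reads f1:", unix_access(f1, "carol", groups, R))   # True
    f2 = exclude_via_group("alice", {"bob", "carol"}, groups, "not-b-c")
    print("carol reads f2:", unix_access(f2, "carol", groups, R))   # False
    print("groups for 100 users:", groups_needed_for_any_exclusion(100))
    f3 = exclude_via_acl("alice", {"bob", "carol"})
    print("bob reads f3:", acl_access(f3, "bob", groups, R))        # False
    print("dave writes f3:", acl_access(f3, "dave", groups, R | W)) # True
```

Two practical caveats the model makes visible: the group trick spends the file's only group slot on exclusion, so it cannot also be used to grant, and on a traditional Unix only root can create the per-subset groups, so an ordinary owner cannot apply the trick to a new set of users on their own. The ACL form needs neither.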