Date: Tue, 14 Oct 1997 11:53:55 -0400 (EDT) From: "Christopher G. Petrilli" <petrilli@amber.org> To: Brian Beattie <beattie@stt3.com> Cc: "Matthew D. Fuller" <fullermd@futuresouth.com>, Brian Mitchell <brian@firehouse.net>, Colman Reilly <careilly@monoid.cs.tcd.ie>, Douglas Carmichael <dcarmich@mcs.com>, freebsd-security@FreeBSD.ORG Subject: Re: C2 Trusted FreeBSD? Message-ID: <Pine.BSF.3.96.971014114946.2865E-100000@dworkin.amber.org> In-Reply-To: <Pine.GSO.3.95.971014084124.1809G-100000@durin>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 14 Oct 1997, Brian Beattie wrote: > > I could be just being stupid here, but can't you do this by making > > everyone a member of a group with their login ID, and them only as a > > member and setting the file to (owner).user, mode 707, or something? > > Wouldn't that give everyone but that persona ccess to it? > > Did anyone even follow that? not too clear, is it... > > Some people often read this requirement to mean that it must be possible > to set access rights on a file to exclude some arbitrary set of users. To > do this you need one group for each permutation of users. Techincally > possible but infeasable. In fact I agree with your interpretation and I > believe so do the evaluators and most people in the INFOSEC community. According to the local NSA rep sitting down the hall, this is incorrect, and the INTENT is to allow for abritrary groups to be excluded from an arbitrary number of files. While you're absolutely correct that in PRACTICE this would be ok on a system with a relatively small number of users, remember that the orange book deals with stand-alone systems, which traditionally have had large numbers of users. Obviously we can all do the permutation calculations even when we hit 100 users the theoretical problem is enormous. See my previous message abouy why we should evaluate ACL structures regardless of what we do in regards C2 certification. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971014114946.2865E-100000>