Casey Schaufler wrote: > Ah. On a system which has been running for a year, the > audit record which contains that information may be > contained only on a tape in a salt mine a thousand miles > away. A good audit record needs to contain enough information > to be useful without resorting to backtracking through > terabytes of history information. It is also true that > while stdin, stdout, and stderr are often the most > interesting and abusable fds, they are not the only ones. Ok. I'm convinced of the validity of fd's for audit purposes. I'm further convinced that it would be hard to reconstruct the fd's from other provided information. What I'm not convinced of is that this needs to go into phase 1. Our basic political strategy is to pitch something lean & mean to the kernel group. That means that there's nothing in it except what is needed to support access control modules. This Phase 1 interface is necessarily inadequate for full audit, so SGI (and others?) get to code audit-lite for this interface, and we use the griping from that implementation to drive the design needs for Phase 2. To get fd into phase 1, we need to contrive an access control reason to need the fd. "Go on, make something up." -- Monty Python, the Oscar Wild sketch that brought us precious jems like "His Majesty is like a stream of bat's piss." :-) Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 22:45:11 PDT