Re: c2 (or c2-like) auditing for Linux

• Previous message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Jesse Pollard: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Crispin Cowan (crispinat_private) wrote:
> Question for Casey & other Orange Book folk: the above proposal 
> *assumes* that it is C2 compliant to do checks in this order:
> 
>    1. error checks (no audit records if they fail)
>    2. DAC checks (audit records)
>    3. MAC checks (audit records)
> 
> Does this assumption hold?

Dunno 'bout that.  But I believe POSIX.1e Auditing requires recording
the use of a (POSIX 1 and 1e defined) system interface.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Jesse Pollard: "Re: c2 (or c2-like) auditing for Linux"
• Previous message: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• In reply to: Crispin Cowan: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Jesse Pollard: "Re: c2 (or c2-like) auditing for Linux"
• Next in thread: Chris Wright: "Re: c2 (or c2-like) auditing for Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 23:50:19 PST