Valdis.Kletnieksat_private wrote:
>
> On Tue, 12 Aug 2003 11:42:10 EDT, Ripin Natani <ripinfsat_private> said:
>
> > I was going through the mail archives and found a lot of mails debating
> > about the inclusion of auditing. So what is the status of auditing with
> > SELinux ? I
>
> Auditing is *OUT*, currently. The biggest problem is that any proper
> auditing scheme would require the logging of "fail" and "succeed" records
> for cases where the code had made the decision long before it ever got
> to the LSM hook. The canonical example is 'touch foo; chmod 0 foo; cat foo' -
> there needs to be a "fail" logged on the permissions check, which never bothers
> calling LSM because it already KNOWS it has failed.
>
> To fix this would require one of:
>
> 1) *MUCH* more intrusive hooking to add logging at the appropriate points.
>
> 2) Changing LSM to be an "authoritative" rather than "restrictive" system, so
> the LSM hooks would ALWAYS be called.
>
> Both were considered undoable for the 2.6 timeframe.

The LSM consensus was that these were undoable.
A minority continues to disagree, but quietly.

--
Casey Schaufler
Manager, Trust Technology, SGI
caseyat_private 650.933.1634

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
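The ordering problem Valdis describes (DAC denies before the LSM hook is reached, so a restrictive hook never sees the failed 'cat foo') can be made concrete with a small user-space model. The program below is an added example for this archive page, not code from the thread or from the Linux kernel: the inode, cred and permission-check functions are simplified stand-ins (assumptions), and the only point it demonstrates is how many audit records a logging hook gets to emit under a "restrictive" versus an "authoritative" hook placement.

```c
/* Added example: user-space model of restrictive vs. authoritative LSM hook
 * placement. Not kernel code; struct inode, struct cred, dac_permission() and
 * lsm_inode_permission() are simplified stand-ins chosen for this example. */
#include <stdio.h>
#include <errno.h>

#define MAY_READ 4   /* the 'r' bit of an rwx triple */

enum hook_model { RESTRICTIVE, AUTHORITATIVE };

struct inode { unsigned int mode; unsigned int uid; };   /* mode: rwxrwxrwx bits */
struct cred  { unsigned int uid; };

struct outcome {
    int rc;             /* 0 = allowed, -EACCES = denied */
    int audit_records;  /* how many records the logging hook emitted */
};

static int g_audit_records;

/* Stand-in for the classic DAC check: owner bits if uid matches, else "other". */
static int dac_permission(const struct inode *ino, const struct cred *c, int mask)
{
    unsigned int bits = (c->uid == ino->uid) ? (ino->mode >> 6) : ino->mode;
    return (((bits & 7) & (unsigned int)mask) == (unsigned int)mask) ? 0 : -EACCES;
}

/* Stand-in for an LSM inode permission hook that records every decision it sees.
 * As a restrictive hook it may only add denials, so it returns the DAC result. */
static int lsm_inode_permission(const struct inode *ino, const struct cred *c,
                                int mask, int dac_result)
{
    g_audit_records++;
    printf("audit: uid=%u mask=%d mode=%04o result=%s\n",
           c->uid, mask, ino->mode, dac_result == 0 ? "granted" : "denied");
    return dac_result;
}

/* Permission check as the VFS would sequence it under each model. */
static int vfs_permission(enum hook_model m, const struct inode *ino,
                          const struct cred *c, int mask)
{
    int rc = dac_permission(ino, c, mask);
    if (m == RESTRICTIVE && rc != 0)
        return rc;   /* decision already made; the hook is never consulted */
    return lsm_inode_permission(ino, c, mask, rc);   /* authoritative: always called */
}

/* Models 'touch foo; chmod <mode> foo; cat foo' by the file's owner and reports
 * the result together with the number of audit records produced. */
struct outcome cat_foo(enum hook_model m, unsigned int mode)
{
    struct inode foo = { mode, 1000 };   /* constructed sample file, owned by uid 1000 */
    struct cred owner = { 1000 };
    struct outcome out;

    g_audit_records = 0;
    out.rc = vfs_permission(m, &foo, &owner, MAY_READ);
    out.audit_records = g_audit_records;
    printf("%s, mode %04o: cat foo -> %s, audit records emitted: %d\n",
           m == RESTRICTIVE ? "restrictive" : "authoritative", mode,
           out.rc == 0 ? "allowed" : "denied", out.audit_records);
    return out;
}

int main(void)
{
    cat_foo(RESTRICTIVE, 0);      /* denied, but no record: the hook never ran */
    cat_foo(AUTHORITATIVE, 0);    /* denied, and one record: the hook always runs */
    cat_foo(RESTRICTIVE, 0644);   /* allowed; the hook ran because DAC passed */
    return 0;
}
```

The first run is the gap the message points at: after 'chmod 0 foo' the read is denied by DAC alone, so a restrictive hook emits nothing and a log-based detector sees no failed access. Only the authoritative placement (or extra hooking at the DAC decision point, the message's option 1) produces the "fail" record.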
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 15:25:15 PDT