On 2001-10-28 11:16:18 -0800, todd glassey wrote: > And Shane, how exactly do you prove that no one violated that "LPAR > Compartmentalization" you just heaved back at me. > > The whole point is that someone or something has to be empowered to > verify the veracity of the acts taking place on a system otherwise > there would be no need of this conversation group since there would be > no logging because surely it violates that same privacy. > > I think the privacy you refer to is from "other users", but honestly > how is it possible that you and the Systems Admins and Auditors would > or could not know each other more intimately. > > So - I ask again - what real expectation of privacy is there in a Time > Sharing System, other than by potential agreement between the users? This isn't the same question that you asked originally. You simply said that users should have no expectation of privacy, because the scheduler has to track what processes are doing. To me, this is akin to saying you have no reason to expect confidentiality from your physician because he has to know what ailments you suffer from. Hogwash! How can I *prove* that my doctor isn't sending reports of my various STD's to the press? Well, I can't. That doesn't mean I should expect my doctor to publish my private information. If it was important, a system of external audits could be devised, using the similiar forensic techniques to the ones that security folks do on compromised systems. But I'm thinking this is only necessary for truly critical systems, e.g. financial processing, medical data, Microsoft Passport. Not that any of them do this ... probably because users think they have no right to expect privacy. :( -- Shane Carpe Diem --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Mon Oct 29 2001 - 10:24:07 PST