Date: Mon, 20 Sep 1999 18:24:01 +0400 From: ark@eltex.ru To: freebsd@gndrsh.dnsmgr.net Cc: security@FreeBSD.ORG Subject: Re: Real-time alarms Message-ID: <199909201424.SAA01652@paranoid.eltex.spb.ru> In-Reply-To: <199909201416.HAA58893@gndrsh.dnsmgr.net> from ""Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>"
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
nuqneH,
"Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> said :
> >
> > Hmmm, i think it is a good idea to have 2 kernel interfaces:
> >
> > 1) audit - one way communication system that lets kernel and possibly
> > some user processes to inform an audit daemon or whatever that something
> > important happened
>
> By definision a secure audit trail can only be generated by a secure
> code base, that pretty much precludes any user processes from being
> a source of data at this time.
What about "2-in-one" interface that could be accessed from kernel and
from userspace but provides functions that will let audit daemon to
know the difference? That can make things more flexible.
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBN+ZDf6H/mIJW9LeBAQHvaAP+I3fW7+kp8v1f61zqsTl84FhwcBsXLKId
lNtbbIrhyZ+h96kxY1z+p1QVUuSAU5vNzgC5hLhRKkWO+dsWpAOvrb4Q02kyopM5
SFWTEY101GlOr+tmu7skr4Q3wfbaKdfOnbp8gOgzD81nH40LwjiZ5xrqwAkkNYy1
o015vJL0tyM=
=FHf+
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909201424.SAA01652>