Date:      Mon, 20 Sep 1999 07:42:30 -0600 (MDT)
From:      Jobe <jobe@attrition.org>
To:        ark@eltex.ru
Cc:        freebsd@gndrsh.dnsmgr.net, security@FreeBSD.ORG
Subject:   Re: Real-time alarms
Message-ID:  <Pine.LNX.3.96.990920074047.13128Q-100000@forced.attrition.org>
In-Reply-To: <199909201424.SAA01652@paranoid.eltex.spb.ru>



On Mon, 20 Sep 1999 ark@eltex.ru wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> nuqneH,
> 
> "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> said :
> 
> > > 
> > > Hmmm, I think it is a good idea to have 2 kernel interfaces:
> > > 
> > > 1) audit - one way communication system that lets the kernel and possibly
> > > some user processes inform an audit daemon or whatever that something
> > > important happened
> > 
> > By definition a secure audit trail can only be generated by a secure
> > code base, that pretty much precludes any user processes from being
> > a source of data at this time.
> 
> What about a "2-in-one" interface that could be accessed from the kernel and
> from userspace but provides functions that will let the audit daemon
> know the difference? That can make things more flexible.

Check his reply to my post, this is the general nature of a pseudo device
=). BTW Rob, I should have a working code base for the pseudo device by
the end of the day if you want to take a look.  At that point we can
figure out whether or not we need to do things differently.

--Jobe


