Date: Mon, 20 Sep 1999 16:00:15 +0000 (GMT) From: Kiril Mitev <kiril@ideaglobal.com> To: freebsd@gndrsh.dnsmgr.net (Rodney W. Grimes) Cc: kiril@ideaglobal.com, ark@eltex.ru, security@FreeBSD.ORG Subject: Re: Real-time alarms Message-ID: <199909201600.QAA31235@loki.ideaglobal.com> In-Reply-To: <199909201534.IAA59102@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Sep 20, 1999 8:34: 0 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > Ouch. > > > > do you REALLY suggest things along the lines > > > > set proc/priv=(... , .... , .... ) > > Yes, at least the functionality, we don't have to use the VMS DCL > interface to it. set proc/priv= just flips bits in the process > header area. IIRC, it 'flips bits' in a dedicated VAXCPU register. > You have a better idea?? NO, so I will voluntarily shut up . > > > > > > > > Hmmm, i think it is a good idea to have 2 kernel interfaces: > > > > > > > > 1) audit - one way communication system that lets kernel and possibly > > > > some user processes to inform an audit daemon or whatever that something > > > > important happened > > > > > > By definision a secure audit trail can only be generated by a secure > > > code base, that pretty much precludes any user processes from being > > > a source of data at this time. > > > > > > > 2) acl device that will provide 2-way communication to a daemon that will > > > > allow or deny things to happen? > > > > > > This is no longer auditing, that would be under another thread, one about > > > security control, and goes hand in hand with the proposal I tossed out > > > about VMS like per process priviledges. > > > > > -- > Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net > > -- Kiril Mitev, IT Operations Mgr, London IDEAglobal.com Standard Corporate Disclaimer applies, see http://www.ideaglobal.com/email-disclaimer.html for details. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909201600.QAA31235>