Date: Mon, 20 Jan 2003 21:23:19 -0800 (PST) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 24012 for review Message-ID: <200301210523.h0L5NJ84063100@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=24012 Change 24012 by chris@chris_holly on 2003/01/20 21:22:40 Break the chapters into individual files. Update the security definition as prompted by Wayne Morrison <tewok@tislabs.com>. By not singling out privacy policies as being somehow more important than others and by expanding on well-being is, the risk of the reader thinking that privacy policies are the most common kind (they are not, FWIW, but that doesn't matter). Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 edit .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 edit .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapter.decl#1 add .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 edit .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-defined.sgml#1 add .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/introduction/security-definitions.sgml#1 add Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/Makefile#2 (text+ko) ==== @@ -32,7 +32,7 @@ MAINTAINER= chris@FreeBSD.org DOC?= book -FORMATS?= html-split +FORMATS?= html-split html INSTALL_COMPRESSED?= gz ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/book.sgml#5 (text+ko) ==== @@ -157,7 +157,7 @@ <preface id="preface"> <title>Preface</title> - <section id="audience"> + <section id="preface.audience"> <title>This Book's Audience</title> <para>This book is primarily targeted at system developers in an @@ -169,6 +169,12 @@ &man.sprog.7; manual page is intended to serve that purpose.</para> </section> + + <section id="preface.organization"> + <title>Organization of this Book</title> + + <para>...</para> + </section> </preface> <part id="introduction"> @@ -184,93 +190,8 @@ FreeBSD security architecture.</para> </partintro> - <chapter id="introduction.security-defined"> - <title>Security Defined</title> - - <para>System security is often looked at as having the quality - of being inaccessible by unauthorized users. Application - security is looked at as having the quality of being able to - handle any sort of input, regardless of validity. Network - security is considered as having a fortress-like - impenetrability from the perspective of an outside - observer.</para> - - <para>The common thread in all of these definitions is - essentially that security is the state of functioning as - intended. Those that should have access to various files in - the system do, and those that should not do not. Those that - should have access to the network have it, and those that - should not do not.</para> - - <para><emphasis>Security, therefore, is defined as the - enforcement of the appropriate use of system - resources.</emphasis> The implementation may enforce this - arbitrarily and may have its own ideas on what - <quote>appropriate</quote> is, but generally, - <quote>appropriate</quote> means that resources are protected - in a manner favoring privacy and the overall well-being of the - system.</para> - </chapter> - - <chapter id="introduction.security-definitions"> - <title>Security-Related Definitions</title> - - <para>Aside from <quote>security,</quote> this document will - make reference to other terms which must be clearly defined. - These terms will be used in the strictest sense of the - definitions set forth below.</para> - - <section id="introduction.security-definitions.security-policy"> - <title>Security Policy</title> - - <para>While <quote>security</quote> is defined as - <emphasis>the enforcement of the appropriate use of system - resources</emphasis>, <quote>security policy</quote> is - defined as <emphasis>the set of rules that determine what - constitutes <quote>appropriate</quote></emphasis>. These - rules can usually be laid out in a similar fashion to a - standard or RFC document: <quote>this resource MUST be used - in this fashion only</quote>, <quote>this resource MUST - NOT be used in this fashion</quote>, etc.</para> - - <para>The FreeBSD operating system does not specify one single - security policy. Rather, a conglomeration of policies - specially tailored to specific <emphasis>classes</emphasis> - of resources, such as network-related resources, virtual - memory resources, file system resources, and system uses, - comes together to form the overall FreeBSD security - architecture.</para> - - <para>Security policies are found in a variety of forms. - <emphasis>DAC</emphasis>, on file system objects, - <emphasis>MAC</emphasis>, on all system subjects and - objects.</para> - </section> - - <section - id="introduction.security-definitions.resource-classification"> - <title>Resource Classifications</title> - - <para>This document classifies system resources into - <emphasis>subjects</emphasis> and - <emphasis>objects</emphasis>. Most simply, a - <emphasis>subject</emphasis> is something that performs some - action. Examples of subjects might be processes, sockets, - and pipes. Logically, an <emphasis>object</emphasis> is - something that has some action performed on it. Examples of - objects might be file system objects, devices, network - interfaces, processes, and processes.</para> - - <para>The overlap in the examples for subjects and objects is - intentional—it emphasizes the point that due to the - principle that subjects might perform some action on one - another, then in having some action performed on it, that - subject must then be an object. It is advised that the - reader does not make the mistake of equating - <emphasis>subject</emphasis> with - <emphasis>person</emphasis>.</para> - </section> - </chapter> + &chap.introduction.security-defined; + &chap.introduction.security-definitions; </part> </book> ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/chapters.ent#2 (text+ko) ==== @@ -1,5 +1,2 @@ -<!ENTITY chap.traditional.unixdac SYSTEM "traditional/unixdac.sgml"> -<!ENTITY chap.traditional.superuser SYSTEM "traditional/superuser.sgml"> - -<!ENTITY chap.concepts.unix SYSTEM "concepts/unix.sgml"> -<!ENTITY chap.concepts.trusted SYSTEM "concepts/trusted.sgml"> +<!ENTITY chap.introduction.security-defined SYSTEM "introduction/security-defined.sgml"> +<!ENTITY chap.introduction.security-definitions SYSTEM "introduction/security-definitions.sgml"> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301210523.h0L5NJ84063100>