Supplemental Groups

Casey Schaufler casey at schaufler-ca.com
Wed Feb 23 21:27:05 UTC 2005


--- Chris Wright <chrisw at osdl.org> wrote:

> * Klaus Weidner (klaus at atsec.com) wrote:
> ...
> > Since "subjects" are defined to be processes (running on behalf of
> > users), I'd consider them to be identified by the PID, and the security
> > attributes would be properties of the process but not part of the
> > identity. (A privileged process may change its own security properties,
> > and I'd think it would be weird if that would correspond to a change of
> > identity for that process.)
> 
> OK, I had always considered security attributes to be part of the
> identity.  Thanks for clarification.

This audit trail does not contain sufficient
information to identify what security policy
was enforced on failure, nor does it provide
sufficient information to demonstrate an access
was in fact appropriate.

This may be an audit trail, but it ain't a
security audit trail! The fact that an event
occurred without the information about the
subject and the object is not sufficient for
any analysis. What is the point of this
exercise? Without the subject and object
security attributes, especially those used
to make the access in question, what is this
good for?


=====
Casey Schaufler
casey at schaufler-ca.com





More information about the Linux-audit mailing list