From: "James W. Hoeft" <Jim@MagitekLtd.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: LC Bruzenak <lenny@MagitekLtd.com>, Linux Audit <linux-audit@redhat.com>
Subject: Re: user message limits
Date: Wed, 28 Jan 2009 22:57:23 -0800 [thread overview]
Message-ID: <49815353.7080105@MagitekLtd.com> (raw)
In-Reply-To: <4980FA1F.6090600@schaufler-ca.com>
The requirement to include the entire cut buffer was only for high to
low (downgrade) transfers (which are only allowed for text), and was a
"derived" requirement, in that we had to include the text in the audit
logs in order to get approval to provide that capability.
Jim
Casey Schaufler wrote:
> LC Bruzenak wrote:
>
>> On Wed, 2009-01-28 at 15:37 -0800, Casey Schaufler wrote:
>>
>>
>>> LC Bruzenak wrote:
>>>
>>>
>>>>> ...
>>>>>
>>>>>
>>>
>>>
>>> That would be a most peculiar requirement. Are "they" requiring
>>> that you audit the data sent with cross-level send(), read()
>>> and write() as well?
>>>
>>>
>>>
>> Casey,
>>
>> This is similar to the HP CMW trusted copy/paste capability (not
>> necessarily cut). I assume Trusted Irix had something similar?
>>
>>
>>
>
> Actually, the Trix B1 evaluation had a single level window system
> and the CC evaluated system was server only.
>
> The notion of auditing the data passed in addition to the subject
> and object information has got to be a CMW thing. In principle
> moving data from a Secret window to a TS window is no different
> from moving it from a Secret file to a TS file, and you would
> never audit that data.
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
>
next prev parent reply other threads:[~2009-01-29 6:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-28 0:01 user message limits LC Bruzenak
2009-01-28 15:30 ` LC Bruzenak
2009-01-28 17:15 ` Steve Grubb
2009-01-28 17:44 ` LC Bruzenak
2009-01-28 20:14 ` Steve Grubb
2009-01-28 20:30 ` LC Bruzenak
2009-01-28 21:04 ` LC Bruzenak
2009-01-28 23:37 ` Casey Schaufler
2009-01-28 23:52 ` LC Bruzenak
2009-01-29 0:36 ` Casey Schaufler
2009-01-29 6:57 ` James W. Hoeft [this message]
2009-01-30 4:49 ` Casey Schaufler
2013-09-17 14:48 ` Richard Guy Briggs
2013-09-17 18:10 ` Steve Grubb
2013-09-18 2:25 ` Richard Guy Briggs
2013-09-18 14:25 ` Steve Grubb
2013-09-18 15:10 ` spurious \n in session id helper [was: Re: user message limits] Richard Guy Briggs
2009-06-08 22:08 ` user message limits LC Bruzenak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49815353.7080105@MagitekLtd.com \
--to=jim@magitekltd.com \
--cc=casey@schaufler-ca.com \
--cc=lenny@MagitekLtd.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.