From: Casey Schaufler <casey@schaufler-ca.com>
To: Valdis.Kletnieks@vt.edu,
"Lorenzo \"Hernández\" \"García-Hierro\"" <lorenzo@gnu.org>
Cc: rsbac@rsbac.org,
"linux-security-module@wirex.com"
<linux-security-module@wirex.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: Thoughts on the "No Linux Security Modules framework" old claims
Date: Wed, 16 Feb 2005 07:52:51 -0800 (PST) [thread overview]
Message-ID: <20050216155251.16202.qmail@web50201.mail.yahoo.com> (raw)
In-Reply-To: <200502160421.j1G4Ls7l004329@turing-police.cc.vt.edu>
--- Valdis.Kletnieks@vt.edu wrote:
> Many auditing policies require an audit event to be
> generated if the operation
> is rejected by *either* the DAC (as implemented by
> the file permissions
> and possibly ACLs) *or* the MAC (as implemented by
> the LSM exit). However,
> in most (all?) cases, the DAC check is made *first*,
> and the LSM exit isn't
> even called if the DAC check fails. As a result, if
> you try to open() a file
> and get -EPERM due to the file permissions, the LSM
> exit isn't called and
> you can't cut an audit record there.
The advice given by the NSA during our B1
evaluation was that is was that in the case
above was that the MAC check should be done
first (because it's more important) and
because you want the audit record to report
the MAC failure whenever possible. The
team advised us that if we didn't do the MAC
check first we would have a tough row to hoe
explaining the design decision and an even
tougher time explaining that the audit of
MAC criteria had been met.
=====
Casey Schaufler
casey@schaufler-ca.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
next prev parent reply other threads:[~2005-02-16 15:52 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-15 22:38 Thoughts on the "No Linux Security Modules framework" old claims Lorenzo Hernández García-Hierro
2005-02-16 4:21 ` Valdis.Kletnieks
2005-02-16 13:29 ` Lorenzo Hernández García-Hierro
2005-02-16 13:30 ` Stephen Smalley
2005-02-16 16:07 ` Casey Schaufler
2005-02-16 15:52 ` Casey Schaufler [this message]
2005-02-16 17:41 ` Valdis.Kletnieks
2005-02-21 10:19 ` [rsbac] " Amon Ott
2005-02-21 17:15 ` Lorenzo Hernández García-Hierro
2005-02-21 17:50 ` Casey Schaufler
2005-02-22 8:57 ` Amon Ott
2005-02-22 15:23 ` Casey Schaufler
2005-02-24 0:55 ` Kurt Garloff
2005-02-24 8:28 ` Amon Ott
2005-02-25 10:14 ` Kurt Garloff
2005-02-23 21:37 ` Crispin Cowan
2005-02-23 22:00 ` Lorenzo Hernández García-Hierro
2005-02-23 22:07 ` Crispin Cowan
2005-02-23 22:34 ` Lorenzo Hernández García-Hierro
2005-02-24 13:23 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050216155251.16202.qmail@web50201.mail.yahoo.com \
--to=casey@schaufler-ca.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=lorenzo@gnu.org \
--cc=rsbac@rsbac.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox