Re: [PATCH] (for 2.3.99pre6) audit_ids system calls

From: Albert D. Cahalan (acahalan@cs.uml.edu)
Date: Tue May 02 2000 - 21:28:31 EST


Linda Walsh writes:
> Rik van Riel wrote:

>> Personally I'd rather see Linux choose for real security than
>> for some paperwork issue.
>
> Also, what do you mean "real security"? By which standard is it
> measured and evaluated? Is there a security policy? A security
> target defined? Other parts of the CAPP require those to be written
> down. Tests are required to show that the provided functionality has
> been verified. A set of system files, the Trusted Computing Base
> (TCB) needs to be defined. Each file in the TCB has to be evaluated
> for one of three classifications "Security enforcing", "Security
> relevant" and "Not Security Relevant". Has someone written (I hope?)
> a security analysis of every system call and every ioctl/fcntl? These
> are formal elements of a secure system.
...
> It might be an interesting task for you to define a "real security"
> Protection Profile and submit it to the Common Criteria.

I think I know what he means.

For "real security" you don't pretend that you can stop spies.
The system is strictly DAC-based, and most likely uses a root
account in the traditional way. Instead of adding new features,
you verify that the existing ones work correctly. An LSPP/B1
system full of bugs is worse than a perfect not-quite-C2 system.
The latter will at least correctly enforce DAC, while the former
might well let remote attackers get into kernel memory.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/