36 messages in org.freebsd.freebsd-securityRe: Security Model/Target for FreeBSD...| From | Sent On | Attachments |
|---|---|---|
| Colman Reilly | Jul 5, 1997 3:43 am | |
| Adam Shostack | Jul 5, 1997 8:17 am | |
| Colman Reilly | Jul 5, 1997 2:33 pm | |
| Jordan K. Hubbard | Jul 5, 1997 4:47 pm | |
| Christopher Petrilli | Jul 6, 1997 11:27 am | |
| Jonathan M. Bresler | Jul 6, 1997 2:50 pm | |
| Brian Mitchell | Jul 6, 1997 3:20 pm | |
| Jonathan M. Bresler | Jul 6, 1997 5:13 pm | |
| Colman Reilly | Jul 7, 1997 1:45 am | |
| Duane H. Hesser | Jul 7, 1997 7:48 am | |
| Robert N Watson | Jul 7, 1997 10:08 am | |
| Brian Mitchell | Jul 7, 1997 10:58 am | |
| Adam Shostack | Jul 7, 1997 11:03 am | |
| Sean Eric Fagan | Jul 7, 1997 11:37 am | |
| Robert N Watson | Jul 7, 1997 11:46 am | |
| Jonathan M. Bresler | Jul 7, 1997 11:53 am | |
| Robert Watson | Jul 7, 1997 1:04 pm | |
| Kenneth Stailey | Jul 7, 1997 1:05 pm | |
| Brian Mitchell | Jul 7, 1997 1:38 pm | |
| pro...@suburbia.net | Jul 7, 1997 2:29 pm | |
| Jim Shankland | Jul 7, 1997 3:46 pm | |
| Daniel O'Callaghan | Jul 7, 1997 4:20 pm | |
| Mark Newton | Jul 7, 1997 4:47 pm | |
| Adam Shostack | Jul 7, 1997 5:58 pm | |
| Adam Shostack | Jul 7, 1997 6:09 pm | |
| Poul-Henning Kamp | Jul 7, 1997 11:10 pm | |
| Robert Watson | Jul 8, 1997 8:45 am | |
| Robert Watson | Jul 8, 1997 8:58 am | |
| Colman Reilly | Jul 8, 1997 12:33 pm | |
| Ollivier Robert | Jul 8, 1997 1:20 pm | |
| George Robbins | Jul 8, 1997 1:59 pm | |
| Mark Newton | Jul 8, 1997 5:29 pm | |
| Robert Watson | Jul 9, 1997 9:09 am | |
| Eivind Eklund | Jul 9, 1997 9:57 am | |
| David Holland | Jul 9, 1997 3:09 pm | |
| Wes Peters | Jul 9, 1997 10:07 pm |
| Subject: | Re: Security Model/Target for FreeBSD or 4.4? | |
|---|---|---|
| From: | Jonathan M. Bresler (...@) | |
| Date: | Jul 6, 1997 5:13:50 pm | |
| List: | org.freebsd.freebsd-security | |
Brian Mitchell wrote:
On Sun, 6 Jul 1997, Jonathan M. Bresler wrote:
Jordan K. Hubbard wrote: in a nutshell, the security model is "you must have permission to do something". the superuser (aka root: uid 0) is can do anything. command audit trail (logging) is not provided. the holes have been in the implementation of that model. the source shows the implementation. which has been of greatly varying quality regarding security. ;( jmb
I'm not sure that's entirely corrent - superuser, for instance, can not
a nutshell is never entirely correct. securelevels were introduced in 4.4BSD, if i remember correctly. they are an innovation
(with the exception of holes in various subsystems...) lower the securelevel. I'm not sure what you mean by command audit trail, but process accounting is available, and is pretty darned close to logging
command logging is one example of the more rigorous control that some other systems have. mind they are a royal pain. they remember ever passwd you have used for xx months and refuse all attempts to re-use them, while at teh same time expiring passwords every xx days. but no one uses reuseable passwords anymore, right ;)
jmb
commands. Stuff like syscall level accounting such as available in sun's bsm stuff is, unfortunately, not available presently.