[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC] linux-2.6.10-auditfs-tc1.patch

--- Steve Grubb <sgrubb redhat com> wrote:
> Based on previous discussions, I think this would be
> required for LSPP. If we 
> are going for LSPP after meeting CAPP, it wouldn't
> be bad to start getting 
> some things in place.

Capabilties are fun in a CAPP environment, too.
The Irix CAPP system (for example) uses
capabilities and yes, they go in the audit trail
along with an indication of which capabilities were
required to perform the action, if any.

This is probably a bit late in the discussion,
but have y'all considered using a tokenized audit
record format? If you did you wouldn't have to
care if any given bit of information was there
just yet, or allocate a place for things that
might or might not be there someday. Both Solaris
and Irix use tokenized schemes to effect.

Casey Schaufler
casey schaufler-ca com

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]