TrustedBSD Extensions Project

[stanislav shalunov]

> From: David Collier-Brown - Sun Canada <davecb at scot.canada.sun.com>
>  stanislav shalunov <shalunov at att.com> wrote:
> | Traditional unix filesystem semantic provides the capability of
> | "including or excluding access to the granularity of a single user."
> | Only root can do it, 
> 
> 	Could you expand on this? I've been around since v6,
> 	but I don't recollect seeing it...

I am referring simply to the ability to create a group and place
arbitrary set of users into it (and chgrp the necessary filesystem
object(s)).

> | No.  You ask to transfer this data to SCSI ID 3, block 45467.
> | The controller decides to write to SCSI ID 1, block 45467.
> 
> 	That's interesting... if it was intentional, it would be a
> 	covert channel. [If it were unintentional and probabalistic, 
> 	it would crash your filesystem eventually, and so get caught
> 	by QC or an enraged user.]

It could be a rare probabilistic hardware failure.  (And was initially
an illustration of the trivial fact that without hardware verification
no software measures are enough.)

> | Why would I buy anything from HP?  
> 	Well, performance, price and reliability, for three (;-))

Right.  Last time I talked to HP salespeople, they were trying to sell
us a High Availability Storage Solution for a little over $1M.  It
used a single M$ Windows 98 PC as a firewall into the internals of the
storage system, which also served as monitoring and administration
station.

I'm not kidding.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message