sample 5.3 based trusted os ;-)
Wayne Salamon
wsalamon at computer.org
Mon Jan 24 12:32:39 GMT 2005
On Jan 24, 2005, at 3:58 AM, Ilmar S. Habibulin wrote:
> PS. Don't ask me why some syscall is audited. I didn't carry out
> deep analisis of what should and what shouldn't be audited. IMHO it is
> much more easier to cut some fuctionality off, than to insert it. ;-)
One criteria is to audit events that involve permission checks using
the standard discretionary access controls, or the suid check. Two
notable exceptions are read() and write(), which are not audited in
Solaris or Darwin, but are in your list.
We need to decide how to merge your changes into audit3. If you want to
send me a patch against audit2, that'd be a place to start.
Thanks,
Wayne
-------
Wayne Salamon
wsalamon at computer.org
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list