posix mac
Robert Watson
robert at cyrus.watson.org
Wed Apr 14 13:37:58 GMT 1999

On Tue, 13 Apr 1999, Ilmar S. Habibulin wrote:
> Tomorrow I read posix.1e mac chapter carefully. My opinion - posix mac
> suxx. :( It doesn't control sockets operations (maybe just because sockets
> are not posix api?) and it doesn't have access level decrement rule.

I won't comment on MAC as I don't have that much experience with the
mechanisms of MAC, and haven't done an in-depth review of that component
of the draft. However, the lack of a sockets description (i.e.,
limitation to POSIX interface) is one I hoped to remedy with this list. I
haven't gotten to the point where I'm extending auditing that much yet
(beyond modifying/adding some API calls and clarifying stuff), but
presumably once I get into wholesale auditing of syscalls in FreeBSD,
I'll start posting about appropriate auditing record fields for non-POSIX
interfaces in the hopes of maintaining portability.

POSIX.1e provides a good starting point and guidance: I personally don't
have much experience with authoring API standards (I've done a few
Internet Drafts and that's about it in the standards area :-), but I'm
sure that can be worked around with some help. I recently received some
email about auditing extensions for Linux, and my essential comments were
along the lines of: make sure you go for portability, give POSIX.1e a
spin and see whether it can meet your needs.

Robert N Watson
robert at fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/