The requirement to include the entire cut buffer was only for high to low (downgrade) transfers (which are only allowed for text), and was a "derived" requirement, in that we had to include the text in the audit logs in order to get approval to provide that capability.

Jim

Casey Schaufler wrote:
LC Bruzenak wrote:
On Wed, 2009-01-28 at 15:37 -0800, Casey Schaufler wrote:
LC Bruzenak wrote:
...
That would be a most peculiar requirement. Are "they" requiring
that you audit the data sent with cross-level send(), read()
and write() as well?

Casey,
This is similar to the HP CMW trusted copy/paste capability (not
necessarily cut). I assume Trusted Irix had something similar?


Actually, the Trix B1 evaluation had a single level window system
and the CC evaluated system was server only.

The notion of auditing the data passed in addition to the subject
and object information has got to be a CMW thing. In principle
moving data from a Secret window to a TS window is no different
from moving it from a Secret file to a TS file, and you would
never audit that data.

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

