> > audit being directly introduced by this project, it is appropriate
> > to extend this cooperation to resolve the past architectural
> > oversites. IMO, they are likely to add very little additional
> > project team work beyond fleshing out the ignorance.
> >
>
> Gary,
>
> I'm a little confused here. My understanding is that the project merely
I can tell ;-) or is it ;-(?
> Do you believe that a different kind of audit trail should be recorded
> by this project than if, for example, the sysadmin just types the uadmin
> command with the magic number arguments?
This project makes new access control decisions (within hald).
Those require new audit records (not a different type of audit
trail). This project appears to call other interfaces that
currently audit the system discontinuity, I believe they said
halt(1M), uadmin(1M) and perhaps some others. I was asking:
1. if the architecure of this project assured that they
were called in the proper audit context;
2. what the architecture was for auditing resumption after
suspended animation (as I could find no evidence that
it was presently being audited).
> Now if it turns out that the various facilities which GPM makes use of
> *don't* do the necessary auditing, then I agree there is a problem. (In
> which case, architecturally, I think the right thing to do is file a bug
> -- and maybe an associated fasttrack or self-review case -- against
> those components, and note that the fix for said bug is just a
> pre-requisite for this project.)
No, filing bugs is not the architectural solution. Each project
needs to satisfy the Solaris Audit Policy. This project is
no exception.
Gary..
