My mail client believes that Chris Calabrese wrote the following:
 > 3.2.2 Access Control Labels
 > Access control labels fall into two categories.
 > Discretionary access controls (DAC's - think Unix
 > file permissions) and mandatory access controls
 > (MAC's - secret, top-secret, etc.).
 >
 > In the case of system log messages, DAC labels map
 > neatly into the facility tags present in the
 > existing syslog system[2].
 >
 > On the surface, MAC labels would seem to require
 > some kind of hierarchical identification scheme.
 > However, by including support for DAC, we can
 > reduce this from a hierarchical scheme to a simple
 > ordered scheme. Additionally, if we recognize that
 > logs operating at lower priority also tend to be
 > much more verbose, then we can allow an inverse
 > relationship between MAC labels and log priorities
 > as used in the existing syslog system (LOG_DEBUG,
 > LOG_INFO, LOG_NOTICE, LOG_WARNING, etc.)[2]. In
 > other words, higher-priority messages may be more
 > widely viewed and less widely created. Conversely,
 > lower-priority messages may be less widely viewed
 > but more widely created.

I have some problems with the above approach:

- By my reading, facilities are connected with the source of the
event to be logged, and have nothing to do with the security labels
of either the object or the subject engaged in the operation. Think
of auditing of FS or http access.
- Do not forget that MAC labels have _two_ components: hierarchical security
label and non-hierarchical categoriES. Even if we agreed with mapping HSL
to priorities (which I do not), you won't have place for the NHC labels.
- I think that the priority of an event is more connected to the type of
that event than to the labels of either the subject or object playing.
(I am more concerned with a buffer overrun attempt in my ftp proxy by a system
low entity than a dir command by a system high one.)
- Do we log the subject's or the object's security labels with the above
attributes?

So I guess we should talk about labels where we talk about the representation
of the other things (source, destination, time, ...). And that is another wg,
isn't it?

The other thing is the representation of the facility and priority fields.
AFAIK we cannot forget them because they are parts of the protocol right now.
I couldn't find a statement on them being arbitrary labels rather than a limited
set of things.
And what about defining the minimum set of information a log should contain?
(Maybe I have just skipped over that?)

-- 
GNU GPL: only from a pure source
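
An added illustration, not part of the original message or of the draft it quotes: the syslog PRI value packs facility and severity into one number (PRI = facility * 8 + severity), while a MAC label made of a hierarchical level plus a category set is only partially ordered, so two labels can be incomparable and have no faithful position on the severity scale. `MacLabel`, `dominates`, `incomparable_pairs` and the sample labels are hypothetical names and constructed values.

```python
from typing import FrozenSet, List, NamedTuple, Tuple

# Severity names of the existing syslog interface; index = numeric severity.
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")


def split_pri(pri: int) -> Tuple[int, str]:
    """Split a syslog PRI value into (facility number, severity name).

    Severity occupies the low 3 bits, facility the rest (0..23).
    """
    if not 0 <= pri <= 191:
        raise ValueError("PRI must be in 0..191")
    return pri >> 3, SEVERITIES[pri & 7]


class MacLabel(NamedTuple):
    level: int                   # hierarchical security level (HSL)
    categories: FrozenSet[str]   # non-hierarchical categories (NHC)


def dominates(a: MacLabel, b: MacLabel) -> bool:
    """a dominates b when its level is >= and its categories are a superset."""
    return a.level >= b.level and a.categories >= b.categories


def incomparable_pairs(labels: List[MacLabel]) -> List[Tuple[MacLabel, MacLabel]]:
    """Return label pairs where neither dominates the other."""
    pairs = []
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            if not dominates(a, b) and not dominates(b, a):
                pairs.append((a, b))
    return pairs


# Constructed sample labels (assumption: levels 1..3, two categories).
SAMPLE_LABELS = [
    MacLabel(2, frozenset({"payroll"})),
    MacLabel(2, frozenset({"engineering"})),
    MacLabel(3, frozenset({"payroll", "engineering"})),
    MacLabel(1, frozenset()),
]

if __name__ == "__main__":
    print(split_pri(34))
    for a, b in incomparable_pairs(SAMPLE_LABELS):
        print("incomparable:", a, b)
```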
