linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Chuck Ebbert <76306.1226@compuserve.com>
To: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: FileSystem Filter Driver
Date: Wed, 23 Apr 2003 15:12:05 -0400	[thread overview]
Message-ID: <200304231515_MC3-1-35AB-AB17@compuserve.com> (raw)

Valdis.Kletnieks wrote:

.> Proper kernel auditing is harder than it looks.  Check the LSM mailing list
.> archives for the last attempt to get auditing into the kernel - the idea
.> was basically dropped.
.> ...<snip>...


  In addition to all the points you covered, you also have to figure
out what to do if the log medium fills up or fails.  In a high security
environment the only thing you can do is panic the system immediately,
because (unaudited) bad things might already be happening.  You also
have to configure the system so it will not boot into multiuser
mode if the log has failed.  (And *then* you get to deal with clueless
admins who will disable that feature in their desperation to get
the system up and running, but that's not really a technical problem.)

------
 Chuck

             reply	other threads:[~2003-04-23 19:04 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-04-23 19:12 Chuck Ebbert [this message]
  -- strict thread matches above, loose matches on Subject: below --
2003-04-29 13:35 FileSystem Filter Driver Nir Livni
2003-04-23 10:28 Nir Livni
2003-04-23  1:05 ` Antonio Vargas
2003-04-23 12:20   ` Nir Livni
2003-04-23 12:22     ` Muli Ben-Yehuda
2003-04-23 10:08 ` Abhishek Agrawal
2003-04-23 11:47   ` Michael Knigge
2003-04-23 12:11     ` Abhishek Agrawal
2003-04-23 16:11       ` joe briggs
2003-04-23 15:48     ` Leonard Milcin, Jr
2003-04-23 16:21       ` Valdis.Kletnieks
2003-04-23 12:58   ` Nir Livni
2003-04-23 11:53 ` Rogier Wolff
2003-04-23 14:27   ` William Stearns

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200304231515_MC3-1-35AB-AB17@compuserve.com \
    --to=76306.1226@compuserve.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).