[cgl_discussion] Small rewording suggestion for section ACC.5
Steven Dake
sdake at mvista.com
Tue Feb 10 15:41:29 PST 2004
Robert,
Thanks for your comments.. I am working on resolving the errata.. We
will bring this up in the errata discussions..
I do think what is meant is that MAC disables the ability of the rogue
super user, not the valid super user. But I'm no security expert :)
Thanks
-steve
On Tue, 2004-02-10 at 16:27, Shaver Robert-r39525 wrote:
> In reading the CGL Requirements Definition document I found this statement in the ACC.5 Mandatory Access Control section (page 90):
>
> "When used correctly, this will restrict the privileges of the super-user to create a more secure Linux system."
>
> I'm new here so I hope this is the right place to make this suggestions.
>
> The wording of this sentence means to me that this requirement will make it harder for the super-user to secure Linux. Isn't that just the opposite of the intention of ACC.5? (I am assuming here that "system administrator" and "super-user" are the same role in this context.)
>
> Might it be said better like this, "When used correctly, these privilege restrictions will aid the super-user in creating a more secure Linux system."
>
> Best regards,
>
> Rob:-]
> ---
> Robert (Rob) Shaver
> Middleware & Collaboration Tools Architecture, Standards And Strategies (MCTASS)
> ---
> mailto:Robert.Shaver at motorola.com
> Voice: 512-996-6990 Fax: 512-996-7191
> Pager: 888-208-4263 mailto:2084263 at skytel.com
> The information contained in this email is classified as:
> [X] General Business Information
> [ ] Motorola Internal Use Only
> [ ] Motorola Confidential Proprietary
> (c) Copyright 2003 Motorola, Inc.
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion
>
>
More information about the cgl_discussion
mailing list