[cgl_discussion] Small rewording suggestion for section ACC.5

Steven Dake sdake at mvista.com
Tue Feb 10 15:41:29 PST 2004

Thanks for your comments..  I am working on resolving the errata..  We
will bring this up in the errata discussions..

I do think what is meant is that MAC disables the ability of the rogue
super user, not the valid super user.  But I'm no security expert :)


On Tue, 2004-02-10 at 16:27, Shaver Robert-r39525 wrote:
> In reading the CGL Requirements Definition document I found this statement in the ACC.5 Mandatory Access Control section (page 90):
> "When used correctly, this will restrict the privileges of the super-user to create a more secure Linux system."
> I'm new here so I hope this is the right place to make this suggestions.
> The wording of this sentence means to me that this requirement will make it harder for the super-user to secure Linux. Isn't that just the opposite of the intention of ACC.5? (I am assuming here that "system administrator" and "super-user" are the same role in this context.)
> Might it be said better like this, "When used correctly, these privilege restrictions will aid the super-user in creating a more secure Linux system."
> Best regards,
> Rob:-]
> ---
> Robert (Rob) Shaver
> Middleware & Collaboration Tools Architecture, Standards And Strategies (MCTASS)
> ---
>  mailto:Robert.Shaver at motorola.com 
>  Voice: 512-996-6990 Fax: 512-996-7191
>  Pager: 888-208-4263 mailto:2084263 at skytel.com 
>  The information contained in this email is classified as:
>  [X] General Business Information  
>  [ ] Motorola Internal Use Only  
>  [ ] Motorola Confidential Proprietary
>  (c) Copyright 2003 Motorola, Inc.
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion

More information about the cgl_discussion mailing list