[cgl_discussion] Small rewording suggestion for section ACC.5

La Monte H.P. Yarroll piggy at timesys.com
Tue Feb 17 08:19:40 PST 2004


Shaver Robert-r39525 wrote:

>In reading the CGL Requirements Definition document I found this statement in the ACC.5 Mandatory Access Control section (page 90):
>
>"When used correctly, this will restrict the privileges of the super-user to create a more secure Linux system."
>
>I'm new here so I hope this is the right place to make this suggestions.
>
>The wording of this sentence means to me that this requirement will make it harder for the super-user to secure Linux. Isn't that just the opposite of the intention of ACC.5? (I am assuming here that "system administrator" and "super-user" are the same role in this context.)
>  
>
No, they are different.  MAC includes the ability to restrict the 
super-user (the account with uid=0).  The sentence is correct as it stands.

>Might it be said better like this, "When used correctly, these privilege restrictions will aid the super-user in creating a more secure Linux system."
>  
>
-- 
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell's sig




More information about the cgl_discussion mailing list