[cgl_discussion] Small rewording suggestion for section ACC.5
La Monte H.P. Yarroll
piggy at timesys.com
Tue Feb 17 08:19:40 PST 2004
Shaver Robert-r39525 wrote:
>In reading the CGL Requirements Definition document I found this statement in the ACC.5 Mandatory Access Control section (page 90):
>"When used correctly, this will restrict the privileges of the super-user to create a more secure Linux system."
>I'm new here so I hope this is the right place to make this suggestions.
>The wording of this sentence means to me that this requirement will make it harder for the super-user to secure Linux. Isn't that just the opposite of the intention of ACC.5? (I am assuming here that "system administrator" and "super-user" are the same role in this context.)
No, they are different. MAC includes the ability to restrict the
super-user (the account with uid=0). The sentence is correct as it stands.
>Might it be said better like this, "When used correctly, these privilege restrictions will aid the super-user in creating a more secure Linux system."
Anyone who quotes me in their sig is an idiot. -- Rusty Russell's sig
More information about the cgl_discussion