[Security_sig] [Reminder] Security SIG conf. call - 1/20

Wichmann, Mats D mats.d.wichmann at intel.com
Fri Jan 21 20:16:47 PST 2005


>SEC 1.0:
>
>There is mention of SuSv3, shouldn't we talk about LSB too?

I find the wording of this chunk very odd for a spec:

"Description: OSDL CGL specifies that carrier grade Linux shall provide access control
mechanisms that support support beyond the mechanisms commonly supported on Posix/SUSv2/SUSv3
compliant systems."

What does beyond mean?  Many SUSv3 compliant systems provide mechanisms
beyond what is required by those specifications - consider Solaris, which
is a conforming implementation. Is this saying  CGL requires more than is
available on such a system, or more than is required by the specs?  And
as to mentioning LSB: if you want, but in terms of access control, it's
identical to POSIX/SUSv3, on which it is closely based.

The topic of POSIX-draft ACLs (as mentioned in 1.4) keeps coming up as a topic
for addition to POSIX/SUS in the Austin Group, which maintains those
standards (and if that begins to look acceptable there, that would be one
way to get them into LSB as well).  The difficulty in that forum is the 
common-practice requirement, since there really isn't uniformity across
implementations it never seems to go anywhere (in particular, I think
I've heard HP/UX's implementation of acls is incompatible with the POSIX
draft).

I'm kind of uncomfortable with a requirement that says that CG Linux
systems have to provide ACLs, but there's no requirement that they work
a particular way.  Doesn't that leave a rather muddled picture for
customer expectations?





More information about the security_sig mailing list