Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!bu-cs!buengc!bph
From: bph@buengc.BU.EDU (Blair P. Houghton)
Newsgroups: comp.unix.questions
Subject: Re: A way to monitor your files
Message-ID: <4093@buengc.BU.EDU>
Date: 9 Sep 89 22:43:02 GMT
References: <547@chem.ucsd.EDU> <1140@virtech.UUCP> <29114@news.Think.COM>
Reply-To: bph@buengc.bu.edu (Blair P. Houghton)
Followup-To: comp.unix.questions
Distribution: usa
Organization: Boston Univ. Col. of Eng.
Lines: 27

In article <29114@news.Think.COM> barmar@think.COM (Barry Margolin) writes:
>If the system is C2 secure or better he wouldn't be able to hide
>completely[...]
>for instance, he could turn access auditing off and
>on around his access to the file, but the operation of disabling
>auditing would have to be audited (and a C2 system is not permitted to
>allow even the superuser to disable this audit), so all you would know
>is that he did something he wanted to hide during this time.

So, then, "or better" would have to prevent logging from being
disabled, or would have it hardware-implemented, dumping bits into
a very large place.

Any good books on the subject (I ask to prevent inciting yet another
discussion of secure unix systems such as the ones a few weeks ago
that I never expected I'd be interested in and so used the magic
k key on them... :-( )?

>In general, it's very hard to protect oneself against omnipotent
>beings.

Especially if you are one.

				--Blair
				  "And I think I speak for about half
				   the procrastinators on the net
				   when I say that... :-)"