bugzilla-daemon at mindrot.org
2003-Aug-11 17:46 UTC
[Bug 624] Simple enhancement for Common Criteria conformity
http://bugzilla.mindrot.org/show_bug.cgi?id=624 Summary: Simple enhancement for Common Criteria conformity Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: openssh-bugs at mindrot.org ReportedBy: mag at lme.linux.hu The FDP_ITC requirement family of the Common Criteria says: """ The following events should be auditable if FAU_GEN Security audit data generation is included in the PP/ST: a) Minimal: Successful import of user data, including any security attributes. b) Basic: All attempts to import user data, including any security attributes. c) Detailed: The specification of security attributes for imported user data supplied by an authorised user. """ The FDP_ITC requirement family of the Common Criteria says: """ The following events shall be auditable if FAU_GEN Security audit data generation is included in the PP/ST: a) Minimal: Successful export of information. b) Basic: All attempts to export information. """ These requirements are present in all the common protection profiles for operating systems (LSPP, CAPP). Fulfilling them in ssh means a very short code calling syslog() added to the scp and sftp, sftp-server source. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-12 07:47 UTC
[Bug 624] Simple enhancement for Common Criteria conformity
http://bugzilla.mindrot.org/show_bug.cgi?id=624 ------- Additional Comments From markus at openbsd.org 2003-08-12 17:47 ------- every read(2) and write(2) imports data, so you need to log this, too??? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Aug-12 08:37 UTC
[Bug 624] Simple enhancement for Common Criteria conformity
http://bugzilla.mindrot.org/show_bug.cgi?id=624 ------- Additional Comments From mag at lme.linux.hu 2003-08-12 18:37 ------- Logging read(2) and write(2) is the responsibility of the kernel. The kernel enhancements concerned with security (RSBAC, TrustedBSD et al) do that. I define Target of Evaluation (TOE) something like "the hardware, firmware, and software of a host, including some well-defined I/O devices: hard disk, chipcard reader, CD reader. The boundaries of TOE consist of its externel I/O interfaces such as network interface, printer port, chipcard reader, keyboard, display, mouse, USB interface to devices not defined as the part of the TOE, CD reader, etc. The proposed feature would log the exports/imports on the boundaries of the system, in our case export/imports on the network interface. Low (packet) level logging is also the responsibility of the kernel (packet filter code does that), so what remains is the import and export of files, with the file name, security attributes of the file (unix permissions) identity of the user, claimed identity of the user of the remote system if exists, and time (syslog takes care of the latter). An extra feature would be defining a generic interface returning the text representation of the security attributes of a file, and using that (if exists) to log the security attributes. (I mention it only for the sake of the record, first there should be some agreement on such an interface between the various security module developers.) int get_file_security_attributes_as_text(const char *fname, char *buffer, int buflen); ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.