RHEL 5 going for Common Criteria EAL 4 rating
RHEL 5 going for Common Criteria EAL 4 rating
Posted Oct 11, 2005 6:31 UTC (Tue) by Vladimir (guest, #33011)In reply to: RHEL 5 going for Common Criteria EAL 4 rating by jamesmrh
Parent article: RHEL 5 going for Common Criteria EAL 4 rating
Just wanted to comment on this:
"LSPP has some very specific security requirements.... So, the direct value of this to non-govt types is unknown and historically limited."
I don't need to be a government type to be able to use LSPP or Type Enforcement or RBAC for everyday business.
How on Earth would you let sysadmins to use root and in the same type to not have access to classified data stored on the servers the run?
Regards,
VG
Posted Oct 12, 2005 5:07 UTC (Wed)
by etbe (subscriber, #17516)
[Link]
The administrator has to perform tasks such as fixing file system RHEL 5 going for Common Criteria EAL 4 rating
corruption, backing up data, and installing new applications (including
custom applications). These tasks are not compatible with preventing the
administrator from accessing secret data.
We have a secadm_r role for security administration which can be separate
from the sysadm_r for general system administration. This is currently
an experimental feature and is designed to be discretionary in nature.
We can't entirely prevent the sysadm from doing the wrong thing in regard
to security administration, but if they do so then they can't claim it to
be an accident, mistake, or an issue where their duties were unclear.