Fwd: PERFORCE change 150813 for review
Rene Ladan
r.c.ladan at gmail.com
Thu Oct 2 19:55:50 UTC 2008
FYI.
some nits I found when translating the chapter on MAC to Dutch.
(wow, I've sent the first non-spam message of the month to this list :) )
Regards,
Rene
---------- Forwarded message ----------
From: Rene Ladan <rene at freebsd.org>
Date: 2008/10/2
Subject: PERFORCE change 150813 for review
To: Perforce Change Reviews <perforce at freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=150813
Change 150813 by rene at rene_self on 2008/10/02 19:52:40
Fix some nits in revision 1.73 of the MAC chapter, propagate
the changes to the Dutch version where applicable.
Checked build (nl + en).
Affected files ...
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5
edit
.. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9
edit
Differences ...
==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5
(text+ko) ====
@@ -700,7 +700,7 @@
implement the labeling feature, including the Biba, Lomac,
<acronym>MLS</acronym> and <acronym>SEBSD</acronym>
policies.</para>
-
+
<para>In many cases, the <option>multilabel</option> may not need
to be set at all. Consider the following situation and
security model:</para>
@@ -967,12 +967,6 @@
<screen>&prompt.root; <userinput>ugidfw add subject not uid root
new object not uid root mode n</userinput></screen>
- <note>
- <para>In releases prior to &os; 5.3, the
- <parameter>add</parameter> parameter did not exist. In those
- cases the <parameter>set</parameter> should be used
- instead. See below for a command example.</para></note>
-
<para>This is a very bad idea as it will block all users from
issuing even the most simple commands, such as
<command>ls</command>. A more patriotic list of rules
@@ -1427,6 +1421,7 @@
company information, and financial institution environments.
The most unlikely place would be a personal workstation with
only two or three users.</para>
+ </sect2>
</sect1>
<sect1 id="mac-biba">
@@ -1552,7 +1547,7 @@
to.</para>
<para>The &man.mac.biba.4; security policy module permits an
- administrator to address which files and programs a user or
+ administrator to address which files and programs a user or
users may see and invoke while assuring that the programs and
files are free from threats and trusted by the system for that
user, or group of users.</para>
@@ -1570,7 +1565,7 @@
utilities. While other users would be grouped into other
categories such as testers, designers, or just ordinary
users and would only be permitted read access.</para>
-
+
<para>With its natural security control, a lower integrity subject
is unable to write to a higher integrity subject; a higher
integrity subject cannot observe or read a lower integrity
@@ -1733,7 +1728,7 @@
<username>www</username> users into the insecure class:</para>
<screen>&prompt.root; <userinput>pw usermod nagios -L
insecure</userinput></screen>
- <screen>&prompt.root; <userinput>pw usermod www -L
insecure</userinput></screen>
+ <screen>&prompt.root; <userinput>pw usermod www -L
insecure</userinput></screen>
</sect2>
<sect2>
@@ -1887,7 +1882,7 @@
&man.mac.seeotheruids.4; could co-exist and block access not
only to system objects but to hide user processes as well.
- <para>Begin by adding the following lines to
+ <para>Begin by adding the following line to
<filename>/boot/loader.conf</filename>:</para>
<programlisting>mac_seeotheruids_enabled="YES"</programlisting>
@@ -2032,9 +2027,10 @@
<sect2>
<title>Error: &man..secure.path.3; cannot stat
<filename>.login_conf</filename></title>
- <para>When I attempt to switch from the <username>root</username>
+ <para>When I attempt to switch from the <username>root</username> user
to another user in the system, the error message
- <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
+ <errorname>_secure_path: unable to state .login_conf</errorname>
+ appears.</para>
<para>This message is usually shown when the user has a higher
label setting then that of the user whom they are attempting to
==== //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9
(text+ko) ====
@@ -1066,13 +1066,6 @@
<screen>&prompt.root; <userinput>ugidfw add subject not uid root
new object not uid root mode n</userinput></screen>
- <note><!--(rene) dit verwijderen, ook in en_US versie (1.73,
regel 970)-->
- <para>In versies voor &os; 5.3 bestond de parameter
- <parameter>add</parameter> niet. In die gevallen dient in
- plaats daarvan <parameter>set</parameter> gebruikt te worden
- als in het onderstaande voorbeeld.</para>
- </note>
-
<para>Dit is een slecht idee, omdat het voorkomt dat alle
gebruikers ook maar het meest eenvoudige commando kunnen
uitvoeren, zoals <command>ls</command>. Een betere lijst met
@@ -1534,7 +1527,7 @@
instellingen zijn. De meest onwaarschijnlijke plaats zou een
persoonlijk werkstation met slechts twee of drie gebruikers
zijn.</para>
- </sect2> <!--(rene) ontbreekt in en_US 1.73 ?-->
+ </sect2>
</sect1>
<sect1 id="mac-biba">
@@ -1865,7 +1858,7 @@
/dev biba/equal
/dev/* biba/equal
-/var biba/equal <!--(rene) ws-fout in
en_US 1.73 ?-->
+/var biba/equal
/var/spool biba/equal
/var/spool/* biba/equal
@@ -1999,8 +1992,8 @@
met &man.mac.seeotheruids.4; naast elkaar bestaan en zowel toegang
tot systeemobjecten als tot gebruikersprocessen ontzeggen.</para>
- <para>Begin door de volgende regels aan
- <filename>/boot/loader.conf</filename> toe te
voegen:</para><!--(rene) dit is maar 1 regel? en_US 1.73 -->
+ <para>Begin door de volgende regel aan
+ <filename>/boot/loader.conf</filename> toe te voegen:</para>
<programlisting>mac_seeotheruids_enabled="YES"</programlisting>
@@ -2142,7 +2135,7 @@
<para>Bij het wisselen van <username>root</username> naar een
andere gebruiker in het systeem, verschijnt de foutmelding
- <errorname>_secure_path: unable to state
.login_conf</errorname>.</para><!--(rene) Engelse tekst klopt niet
1.73-->
+ <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
<para>Deze melding komt meestal voor als de gebruiker een hogere
labelinstelling heeft dan de gebruiker waarnaar wordt
--
http://www.rene-ladan.nl/
GPG fingerprint = E738 5471 D185 7013 0EE0 4FC8 3C1D 6F83 12E1 84F6
(subkeys.pgp.net)
More information about the freebsd-doc
mailing list