PERFORCE change 150813 for review
Rene Ladan
rene at FreeBSD.org
Thu Oct 2 19:52:56 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=150813
Change 150813 by rene at rene_self on 2008/10/02 19:52:40
Fix some nits in revision 1.73 of the MAC chapter, propagate the changes to the Dutch version where applicable.
Checked build (nl + en).
Affected files ...
.. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5 edit
.. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9 edit
Differences ...
==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mac/chapter.sgml#5 (text+ko) ====
@@ -700,7 +700,7 @@
implement the labeling feature, including the Biba, Lomac,
<acronym>MLS</acronym> and <acronym>SEBSD</acronym>
policies.</para>
-
+
<para>In many cases, the <option>multilabel</option> may not need
to be set at all. Consider the following situation and
security model:</para>
@@ -967,12 +967,6 @@
<screen>&prompt.root; <userinput>ugidfw add subject not uid root new object not uid root mode n</userinput></screen>
- <note>
- <para>In releases prior to &os; 5.3, the
- <parameter>add</parameter> parameter did not exist. In those
- cases the <parameter>set</parameter> should be used
- instead. See below for a command example.</para></note>
-
<para>This is a very bad idea as it will block all users from
issuing even the most simple commands, such as
<command>ls</command>. A more patriotic list of rules
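Review bot: the note removed at -967 ended with "See below for a command example", so a later example using the "set" parameter may now be left in the chapter with nothing pointing at it. Please check the text that follows this hunk and either drop that example or reword its introduction so it no longer depends on the deleted note.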
@@ -1427,6 +1421,7 @@
company information, and financial institution environments.
The most unlikely place would be a personal workstation with
only two or three users.</para>
+ </sect2>
</sect1>
<sect1 id="mac-biba">
@@ -1552,7 +1547,7 @@
to.</para>
<para>The &man.mac.biba.4; security policy module permits an
- administrator to address which files and programs a user or
+ administrator to address which files and programs a user or
users may see and invoke while assuring that the programs and
files are free from threats and trusted by the system for that
user, or group of users.</para>
@@ -1570,7 +1565,7 @@
utilities. While other users would be grouped into other
categories such as testers, designers, or just ordinary
users and would only be permitted read access.</para>
-
+
<para>With its natural security control, a lower integrity subject
is unable to write to a higher integrity subject; a higher
integrity subject cannot observe or read a lower integrity
@@ -1733,7 +1728,7 @@
<username>www</username> users into the insecure class:</para>
<screen>&prompt.root; <userinput>pw usermod nagios -L insecure</userinput></screen>
- <screen>&prompt.root; <userinput>pw usermod www -L insecure</userinput></screen>
+ <screen>&prompt.root; <userinput>pw usermod www -L insecure</userinput></screen>
</sect2>
<sect2>
@@ -1887,7 +1882,7 @@
&man.mac.seeotheruids.4; could co-exist and block access not
only to system objects but to hide user processes as well.
- <para>Begin by adding the following lines to
+ <para>Begin by adding the following line to
<filename>/boot/loader.conf</filename>:</para>
<programlisting>mac_seeotheruids_enabled="YES"</programlisting>
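Review bot: in the context just above the changed line, the sentence ending "but to hide user processes as well." is followed directly by the new "<para>Begin by adding" with no closing </para> in between, whereas the nl_NL hunk at -1999 closes the same paragraph ("ontzeggen.</para>"). Since this hunk already touches the paragraph boundary, add the missing </para> to the English text here as well.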
@@ -2032,9 +2027,10 @@
<sect2>
<title>Error: &man..secure.path.3; cannot stat <filename>.login_conf</filename></title>
- <para>When I attempt to switch from the <username>root</username>
+ <para>When I attempt to switch from the <username>root</username> user
to another user in the system, the error message
- <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
+ <errorname>_secure_path: unable to state .login_conf</errorname>
+ appears.</para>
<para>This message is usually shown when the user has a higher
label setting then that of the user whom they are attempting to
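Review bot: the <errorname> line is rewritten here but still reads "unable to state .login_conf", while the section title two lines up says "cannot stat"; "state" looks like a typo for "stat" and the two strings should agree with what the system actually prints. The nl_NL hunk at -2142 carries the same "unable to state" text and drops the comment that flagged the English wording, so fix both together. The trailing context also has "a higher label setting then that of", which should be "than".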
==== //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mac/chapter.sgml#9 (text+ko) ====
@@ -1066,13 +1066,6 @@
<screen>&prompt.root; <userinput>ugidfw add subject not uid root new object not uid root mode n</userinput></screen>
- <note><!--(rene) dit verwijderen, ook in en_US versie (1.73, regel 970)-->
- <para>In versies voor &os; 5.3 bestond de parameter
- <parameter>add</parameter> niet. In die gevallen dient in
- plaats daarvan <parameter>set</parameter> gebruikt te worden
- als in het onderstaande voorbeeld.</para>
- </note>
-
<para>Dit is een slecht idee, omdat het voorkomt dat alle
gebruikers ook maar het meest eenvoudige commando kunnen
uitvoeren, zoals <command>ls</command>. Een betere lijst met
@@ -1534,7 +1527,7 @@
instellingen zijn. De meest onwaarschijnlijke plaats zou een
persoonlijk werkstation met slechts twee of drie gebruikers
zijn.</para>
- </sect2> <!--(rene) ontbreekt in en_US 1.73 ?-->
+ </sect2>
</sect1>
<sect1 id="mac-biba">
@@ -1865,7 +1858,7 @@
/dev biba/equal
/dev/* biba/equal
-/var biba/equal <!--(rene) ws-fout in en_US 1.73 ?-->
+/var biba/equal
/var/spool biba/equal
/var/spool/* biba/equal
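Review bot: the comment removed from the "/var biba/equal" line asked whether en_US 1.73 has a whitespace error at this spot, but none of the en_US hunks in this change touch that line. Either include the en_US fix in this change or state in the description that the query was checked and found not to apply, so the open question is not lost along with the comment.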
@@ -1999,8 +1992,8 @@
met &man.mac.seeotheruids.4; naast elkaar bestaan en zowel toegang
tot systeemobjecten als tot gebruikersprocessen ontzeggen.</para>
- <para>Begin door de volgende regels aan
- <filename>/boot/loader.conf</filename> toe te voegen:</para><!--(rene) dit is maar 1 regel? en_US 1.73 -->
+ <para>Begin door de volgende regel aan
+ <filename>/boot/loader.conf</filename> toe te voegen:</para>
<programlisting>mac_seeotheruids_enabled="YES"</programlisting>
@@ -2142,7 +2135,7 @@
<para>Bij het wisselen van <username>root</username> naar een
andere gebruiker in het systeem, verschijnt de foutmelding
- <errorname>_secure_path: unable to state .login_conf</errorname>.</para><!--(rene) Engelse tekst klopt niet 1.73-->
+ <errorname>_secure_path: unable to state .login_conf</errorname>.</para>
<para>Deze melding komt meestal voor als de gebruiker een hogere
labelinstelling heeft dan de gebruiker waarnaar wordt