tech-security: Re: Systrace policy fingerprints? (Re: finer grained IPNOPRIVPORTing)

Subject: Re: Systrace policy fingerprints? (Re: finer grained IPNOPRIVPORTing)
To: Simon J. Gerraty <sjg@crufty.net>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 06/01/2005 09:42:39

--NgG1H2o5aFKkgPy/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 31, 2005 at 04:33:11PM -0700, Simon J. Gerraty wrote:
> >cases). If multiple signers were required before an executable was run
> >then you would be able to enforce a "two man" rule if that was
> >required.
>=20
> But who needs that?

Consider the case where the two signers are "original third-party
vendor" and "internal approver" (ie, QA or Change Control).

--
Dan.

--NgG1H2o5aFKkgPy/
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFCnPZvEAVxvV4N66cRAqlGAKDJi9F8t3q3664IjKwV1dTvaogDVQCfWPI8
U9RqazKSPwUc9FALjQL1KW4=
=Iwse
-----END PGP SIGNATURE-----

--NgG1H2o5aFKkgPy/--