Re: (MAC/DAC) RE: Future Linux devel. Kernels

From: Chris Evans (
Date: Tue May 09 2000 - 13:02:58 EST

On Tue, 9 May 2000, James Sutherland wrote:

> > The previous problem? The all-powerfulness of the root user. The new
> > problem? The all-powerfulness of the monolithic kernel.
> No. ATM, we have BOTH problems; with MAC, we [almost] eliminate one of
> them. MAC shouldn't introduce any NEW problems, even if it isn't a perfect
> solution to the existing ones.

True of course. To elaborate on where my initial concern
was; traditionally the attention of the black-hats has been on userland
program bugs. A MAC implementation would shift attention towards the
kernel... Not all bad news, though; I do find it a lot harder to find
kernel security bugs than userland security bugs. The kernel tends to be
higher quality code.

> NT getting a certification pretty much rules out the possibility of taking
> the criteria seriously...

Funny, would you believe I was thinking that when I wrote my original post


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:14 EST