Re: (MAC/DAC) RE: Future Linux devel. Kernels

From: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Date: Tue May 09 2000 - 13:02:58 EST


On Tue, 9 May 2000, James Sutherland wrote:

> > The previous problem? The all-powerfulness of the root user. The new
> > problem? The all-powerfulness of the monolithic kernel.
>
> No. ATM, we have BOTH problems; with MAC, we [almost] eliminate one of
> them. MAC shouldn't introduce any NEW problems, even if it isn't a perfect
> solution to the existing ones.

True, of course. To elaborate on where my initial concern was:
traditionally the attention of the black-hats has been on userland
program bugs. A MAC implementation would shift attention towards the
kernel... Not all bad news, though; I do find it a lot harder to find
kernel security bugs than userland security bugs. The kernel tends to be
higher-quality code.

> NT getting a certification pretty much rules out the possibility of taking
> the criteria seriously...

Funny, would you believe I was thinking that when I wrote my original post
:-)

Chris



