public inbox for linux-kernel@vger.kernel.org
From: Jakob Oestergaard <jakob@unthought.net>
To: Tupshin Harper <tupshin@tupshin.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: is KERNEL developement finished, yet ??? (ACLs)
Date: Fri, 6 Dec 2002 11:38:17 +0100
Message-ID: <20021206103817.GN6155@unthought.net>
In-Reply-To: <3DEFB275.9000807@tupshin.com>

On Thu, Dec 05, 2002 at 12:09:25PM -0800, Tupshin Harper wrote:
...
> >Yeah, and look how much more secure it is than UNIX.
> >
> >		Linus
> An unfortunately inflammatory argument that avoids the real issue.  I'm 
> not going to argue the security of NT (heaven forbid), but you do 
> completely ignore the benefits of ACLs, including things that 
> capabilities don't provide.
[snip - big argument, ACLs, seen 100 times on lkml before]

DAC (ACLs) add flexibility to security configurations, no argument
there.  Flexibility != security.

DAC without MAC is insane.

Read "The Inevitability of Failure":
   http://www.nsa.gov/selinux/inevit-abs.html

Yes, the current owner/group/other system is DAC too. Adding more
"flexible" (read: disaster-prone) features before MAC (e.g. SELinux) is a
standard part of the kernel, is ludicrous.

And no, NT doesn't have MAC. Nor are they likely to get it. Guess why
any local user absolutely 0wnZ an NT box...

If you want to argue with me on these statements, please take it off
list.

-- 
................................................................
:   jakob@unthought.net   : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:
