--- Stephen Smalley <[email protected]> wrote:
> But this is a temporary situation, until we have the
> infrastructure and
> tools developed to make MAC truly manageable by
> typical end users. Not
> an inherent problem.
Oh come on! I've been hearing that saw continueously
since 1987. Mandatory MAC (as opposed to targeted MAC)
is hard on sysadmins. It will remain so. SELinux,
Trusted Solaris, Trusted IRIX, and anyone else are all
a pain in the bum and will remain so. Tools are going
to help only to a limited extent, they never make all
the pain go away. Smarter people than I have been
working on the problem for 20 years and I believe that
it's safe to say there is no magic wand that will
make the problems all go away.
I like MAC. I like the Iron Fist approach to software
security. I just don't believe that there's a glove
with velvet thick enough to please the masses.
Casey Schaufler
[email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
