On 26 Apr 2006 at 10:01, Joshua Brindle wrote:

> This is no flamewar. The model is broken by my standards. It bypasses
> built-in DAC and capabilities in the kernel making it the single attack
> vector to gain all access on the system. Compare to grsecurity, rsbac,
> selinux which do not bypass kernel access control or escalate privileges.

it'd help the discussion/review (which is what Andrea asked for) if you/others were more precise and cited specific attacks. generic hand-waving of 'this is broken' doesn't help it. this is not to say that i disagree with your opinion (fwiw, you and spender are on the same side for once ;-).

> http://securityblog.org/brindle/2006/03/25/security-anti-pattern-status-quo-encapsulation/
> http://securityblog.org/brindle/2006/04/19/security-anti-pattern-path-based-access-control/

it's funny that you mention these as i just came across them and was going to post a rebuttal to many of your claims. do you want them here on the list or on the blog (it will probably take a few days until i have enough free time though)?
