Thread: Access Control Mechanism (DAC x MAC)




Access Control Mechanism (DAC x MAC)
2007-07-03 20:32:01
Hi all,

Having read about computer security, one of the parts that mostly
called up my attention were the access control mechanisms. I've found
out that the mechanism used by most of the Unix-like systems is DAC
(Discretionary Access Control) and as I could see OpenBSD fits in that
mechanism as well. But the literature says that there is a more
sophisticated mechanism, called MAC (Mandatory Access Control). In my
studies, all the papers I have read explain that
MAC is much more sophisticated than DAC. Thus I would like to know
from you why OpenBSD does not implement this type of mechanism.

Thanks.


Re: Access Control Mechanism (DAC x MAC)
United States
2007-07-03 21:03:12
Joco Salvatti wrote:
> Hi all,
>
> Having read about computer security, one of the parts that mostly
> called up my attention were the access control mechanisms. I've found
> out that the mechanism used by most of the Unix-like systems is DAC
> (Discretionary Access Control) and as I could see OpenBSD fits in that
> mechanism as well. But the literature says that there is a more
> sophisticated mechanism, called MAC (Mandatory Access Control). In my
> studies, all the papers I have read explain that
> MAC is much more sophisticated than DAC. Thus I would like to know
> from you why OpenBSD does not implement this type of mechanism.
>

If you've ever played the Mortal Kombat games, this post conjures to
mind the sound that occurs immediately prior to a fatality...

> Thanks.


Re: Access Control Mechanism (DAC x MAC)
Taiwan
2007-07-03 22:18:44
Joco Salvatti wrote:

> MAC is much more sophisticated than DAC. Thus I would like to know
> from you why OpenBSD does not implement this type of mechanism.

More sophisticated != better.
The longer answer is in the archives.

---
Lars Hansson


Re: Access Control Mechanism (DAC x MAC)
Canada
2007-07-03 22:24:31
> Having read about computer security, one of the parts that mostly
> called up my attention were the access control mechanisms. I've found
> out that the mechanism used by most of the Unix-like systems is DAC
> (Discretionary Access Control) and as I could see OpenBSD fits in that
> mechanism as well. But the literature says that there is a more
> sophisticated mechanism, called MAC (Mandatory Access Control). In my
> studies, all the papers I have read explain that
> MAC is much more sophisticated than DAC. Thus I would like to know
> from you why OpenBSD does not implement this type of mechanism.

Because it is dumb, and due to its complexity it implements a serious
systems lifetime trap for system administrators --- most of whom are
not much smarter than a sack of hammers (excluding those of you
reading this, of course).

Look, complexity does not avert risk.  Ever.  Period.

