On 21 Jul 2001, David Wagner wrote:

> Jesse Pollard wrote:
> >All of the systems I've used have MAC evaluated before DAC. [...]
> >It's also a bit more efficient for denial - [...]
>
> Why does the efficiency of denied requests matter?
> I couldn't think of any reason why we would want to optimize
> the performance of illegal operations. What am I missing?

My thinking is that it doesn't matter. If you want to refuse, the cost
really doesn't matter. HOWEVER, the cost of DETECTING a refusal (before
it is decided) is significant and should be minimized.

J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 21:23:24 PDT