Re: MAC before DAC vs DAC before MAC

From: David Wagner (dawat_private)
Date: Wed Jul 25 2001 - 18:00:12 PDT

  • Next message: David Wagner: "Re: MAC before DAC vs DAC before MAC"

    Casey Schaufler  wrote:
    >If you assume that the in-kernel checks never have
    >side-effects this could work, but would definitely
    >be less than optimal. I really don't want to do a
    >DAC check if I've failed MAC. 
    
    Will your group be able to do the code audit to check
    whether there are any places where the in-kernel checks
    have an unacceptable side-effect, and report back if there
    are any problems?  I'm not sure whether we should worry
    about this until we know whether it is truly a barrier
    or not in practice.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 22:35:22 PDT