Re: MAC before DAC vs DAC before MAC

• Previous message: David Wagner: "Re: MAC before DAC vs DAC before MAC"
• In reply to: Casey Schaufler: "Re: MAC before DAC vs DAC before MAC"
• Next in thread: Crispin Cowan: "Re: MAC before DAC vs DAC before MAC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Casey Schaufler  wrote:
>If you assume that the in-kernel checks never have
>side-effects this could work, but would definitely
>be less than optimal. I really don't want to do a
>DAC check if I've failed MAC. 

Will your group be able to do the code audit to check
whether there are any places where the in-kernel checks
have an unacceptable side-effect, and report back if there
are any problems?  I'm not sure whether we should worry
about this until we know whether it is truly a barrier
or not in practice.

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: David Wagner: "Re: MAC before DAC vs DAC before MAC"
• Previous message: David Wagner: "Re: MAC before DAC vs DAC before MAC"
• In reply to: Casey Schaufler: "Re: MAC before DAC vs DAC before MAC"
• Next in thread: Crispin Cowan: "Re: MAC before DAC vs DAC before MAC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 22:35:22 PDT