dawat_private (David Wagner): > Casey Schaufler wrote: > >Let us not forget our real-time embedded friends, > >who want the null security policy. > >[...] a DAC module which does no > >checks but always returns success speeds them up. > > Do you have any proof of this? I'm skeptical that the difference is > noticeable under common usage, but without measurements, I don't know > how to evaluate this claim either way. I'm not so sure of the speed, but definitely the memory consumption. When I worked in embeded systems, we had to keep the kernel (wasn't linux) under 4K, and were always squeezed for ROM storage. Although the resident memory constraints are not that bad, ROM storage is still limited. Having the DAC present also means that you are always programming with the view that any protection accidentally imposed can prevent the target from functioning properly.. ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollardat_private Any opinions expressed are solely my own. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 05:31:34 PDT