Lists Home |
Date Index |
to a large extent those articles are more opinion than anything else
imho. once tcse got underway it developed a life of it's own and many of
us spent an inordinate amount of time trying to satisfy it.
the reality is that any system can be compromised if you can work out a
way to masquerade yourself. this applies equally to the simple unix
uid/gid system and the more complex tcse mac system.
what i find in practice is that the uid/gid system is good for system
management while some sort of mac system is good inside an application.
by and large database systems have to effectively turn off the uid/gid
system to work and then apply a mac system to the users - codd included
this in the original rdbms designs.
unix has always been a secure system - you have to break into it to
abuse it - we're only arguing about the quality of the security. windows
has had no security for most of it's life. turn on the machine and you
have access. these days it has some security, and the mac system works
reasonably at the system level, but poorly at the user level. the next
level of security being proposed is likely to be a nightmare for
ordinary users, even if it works well for large organisations.
On Wed, 2003-10-01 at 11:14, Dare Obasanjo wrote:
> > -----Original Message-----
> > From: Tim Bray [mailto:firstname.lastname@example.org]
> > Sent: Tuesday, September 30, 2003 5:55 PM
> > To: Dare Obasanjo
> > Cc: Rich Salz; Bullard, Claude L (Len); Chris Wilper;
> > email@example.com
> > Subject: Re: [xml-dev] Managing Innovation
> > >
> > > This is probably the funniest thing I've ever read on XML-DEV.
> > Really? Which part? The assertion that Unix is basically
> > simpler than the alternatives, or the assertion that it
> > achieves a good level of security?
> The latter. Better people than me can tell you why this common
> misconception is false[0,1]. The main thing the Unix family of operating
> systems have going for them with regards to security is the higher
> degree of sophistication of their users and their lack of mainstream
> adoption than on their qualities as a "secure system". Of course, you
> may have a lower criteria for the term "secure system" than I do in
> which case YMMV.
>  http://www.nsa.gov/selinux/faq.html#I2
>  http://books.rsbac.org/unstable/x115.html