Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 16, 2010 23:21 UTC (Tue) by vonbrand (subscriber, #4458)
In reply to: Ghosts of Unix past, part 3: Unfixable designs by wazoox
Parent article: Ghosts of Unix past, part 3: Unfixable designs

Due to the "ACL model" of Windows being an unmanageable mess?

The user/group/others model is certainly lacking (it can't describe the full permissions matrix like the Bell-LaPadula model uses), but what are the real, usable alternatives?


Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 17, 2010 0:57 UTC (Wed) by rahvin (subscriber, #16953)

SELinux and an infinite level of fine-grained control? I guess it really depends on how much control you need and how many man-hours you want to put into maintaining it.

I'd imagine the US DOD has permission levels and tables that would make your head spin; after all, their paper permission levels are nearly incomprehensible. I can't even imagine their computer permissions. In fact, I'd wager there is an entire staff of people that do nothing but manage permissions.

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 18, 2010 17:51 UTC (Thu) by davecb (subscriber, #1574)

I took the course, and they have the same four or five levels for everyone (unclassified, restricted, confidential, secret and top secret), and a plethora of categories, possibly including "the commandant's cat's litter-box", assuming of course that you have secrets about it.

--dave
