[cap-talk] Horton vs. ACLs
David Hopwood
david.hopwood at industrial-designers.co.uk
Tue Oct 9 00:18:05 EDT 2007
Jonathan S. Shapiro wrote:
> The audit problem is to provide a mechanism by which an external
> security auditor (a human using tools) can determine which programs have
> access to which authorities. There is an intrinsic conflict between the
> desire for and utility of private namespaces and the desire for and the
> importance of auditability.
Private namespaces are a non-negotiable requirement. The auditors will
just have to deal with the fact that not all objects are referred to by
human-friendly names -- which is true even in systems without private
namespaces.
--
David Hopwood <david.hopwood at industrial-designers.co.uk>
More information about the cap-talk
mailing list