[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem

Jed Donnelley jed at nersc.gov
Thu Oct 11 20:43:37 EDT 2007


On 10/11/2007 10:53 AM, Karp, Alan H wrote:
> Jed wrote:
>> Horton provides an alternative mechanism that doesn't require such
>> low level logging of capability transfers.  If the capability was
>> legitimately transferred to Alan with Horton, then Alan would
>> be listed as responsible and his access to the data would be
>> logged in such a way as to make low level logs of capability
>> transfers unnecessary.
>>
> I agree.  I was pointing out that low level logs could be used to track
> non-Horton transfers.

And to summarize my response, if you consider non-Horton
transfers as not meeting policy, then such are just a small
fraction of many more non-policy mechanisms that would also
not be detected by low level logs.



