[cap-talk] Lampson: Principle Of Least Privilege as damaging
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Sun Apr 6 15:29:45 CDT 2008
Jed Donnelley wrote:
> cap-talk,
>
> I decided it was worthwhile to go back through Lampson's keynote from
> Usenix 05 and find where and in what context he presented his argument
> against POLP:
>
> Lampson:
> "I think, for example, that the Principle Of Least Privilege has done an
> enormous amount of damage to security because what it encourages
> you to do is to make everything fine grain and work out all the
> dependencies very carefully and it's too complicated.
Since no mainstream system has put significant effort into trying to
follow the Principle of Least Privilege, I don't see how doing so can
have been been the cause of "an enormous amount of damage to security".
--
David-Sarah Hopwood
More information about the cap-talk
mailing list