[cap-talk] More Heresey: ACLs not inherently bad
Bill Frantz
frantz at pwpconsult.com
Tue Sep 16 18:58:34 CDT 2008
alan.karp at hp.com (Karp, Alan H) on Thursday, September 11, 2008 wrote:
>I contend the installation endowment is the only time you need to grant O(20+) rights. Per execution
>is always(?) O(1).
Consider the example of make and its close friend, gcc. In "mature"
systems, the make environment is a (usually undocumented) monster
of directories and dependencies. It is majorly daunting to new
developers. Trying to apply POLA to that environment sends me
screaming to, "Just give make everything and let's get on with
life."
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.periwinkle.com | learned anything about security?" -- Bruce Schneier