[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.

Jonathan S. Shapiro shap at eros-os.org
Wed Jan 13 12:59:56 PST 2010


Relevant to this:


http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf


On Sat, Dec 19, 2009 at 12:18 PM, James A. Donald <jamesd at echeque.com> wrote:

> Ben Kloosterman wrote:
> > -          The desire by admins (and hence organizations) to allow only
> > system/security admins to approve certain functions which may include
> > installing applications in some organizations.   This includes the
> > centralized control of rights.
>
> People desire what is not good for them.  What they desire is that other
> people are required to do certain tasks, and then required to seek
> permissions to accomplish those tasks - which pretty much guarantees
> that users will work to subvert security.  And since the end user has
> physical control of the box or the data, the end user will always
> succeed.  The petty bureaucrat, by maximizing his power within the
> organization, undermines the organization's security.
>
> Observe that one of the big reasons for Walmart's success is that other
> big box company purchasing managers routinely accept bribes from
> salesmen, while Walmart purchasers are notoriously honest.
>
> Meeting admin desires is in this case meeting admin desire to undermine
> security for personal benefit.  Security mechanisms have to benefit the
> person who has physical control of the data and the box on which it
> resides, not the admin, or else they will always be bypassed.