X/smtp servers (was Re: TrustedBSD Extensions Project)
jont at us.ibm.com
jont at us.ibm.com
Wed Apr 12 20:15:05 GMT 2000
Sorry my previous post was less than clear, I lost sight of the forest
for the trees.
I think I want to make two points, IMO:
1) B1 access control (MLS/lattice + user DAC) is inadequate,
it needs to be extended to support role-based access control (RBAC),
and probably an integrity model such as type enforcement.
2) Large user-mode servers don't really follow (they can't) the
principle of least privilege. Therefore it is a mistake to "improve"
such large servers rather than to re-architect them to solve the
privilege problems.
One question which then arises is which large services can be
re-architected ? and which need to tweaked ?
As I noted sendmail has already been re-architected (several times :-),
as I believe has usenet news software.
Clearly my suggestion for GGI(+X) over straight X is contentious.
Perhaps it should be taken out of the main list ...
Or perhaps its a non-issue at this point in time due to lack of resources.
- JonT
---
Jon Tidswell
Advanced OS Technology Group / Sawmill Linux Project
IBM TJ Watson Research Center 30 Saw Mill River Road, Hawthorne, N.Y. 10532
Email: jont at us.ibm.com Voice: +1 914 784 7550
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list