
From: presotto@pla...
Subject: Re: [9fans] authorization schemes (was CORBA)
Date: Wed, 26 Sep 2001 13:44:46 -0400

The real best part was an accidental 'du /|grep pattern' by a
user at a high level made the whole file system useless to anyone
of lower classification.

Also, terminals were a real pain because their inodes had to
change security level whenever someone new logged in, which
meant chasing down anything somehow related to them.  Not
really in the orange book model.  Network connections were
equally bad.

The real lesson of the experiment was that security level
classification is hard to live with.