> Having Read about computer security, one of the parts that mostly > called up my atention were the access control mechanisms. I've found > out that the mechanism used by mostly of the Unix-like systems is DAC > (Discretionary Access Control) and as I could see OpenBSD fits in that > mechanism as well. But the literature says that there is a more > sophisticated mechanism, called MAC (Mandatory Access Control). In my > studies, all the papers I have read explain that > MAC is much more sophiscitated that DAC. Thus I would like to know > from you why OpenBSD does not implement this type of mechanism.
Because it is dumb, and due to it's complexity it impliments a serious systems lifetime trap for system administrators --- most of who are not much smarter than a sack of hammers (excluding those of you reading this, of course). Look, complexity does not avert risk. Ever. Period.
