Hello and welcome.
From your article:
Quote:
|
The OpenBSD approach to security is primarily focused on writing quality code, with the aim being to eliminate vulnerabilities in source code. To this end, the OpenBSD team has been quite successful, with the base system having had very few vulnerabilities in "a heck of a long time". While this approach is commendable, it is fundamentally flawed when compared to the approach taken by various extended access control frameworks.
|
These options are not mutually exclusive. A large number of security issues are due to "stupid mistakes" such as not checking return codes and the like. Writing quality code is not just the OpenBSD approach for a secure system, but it is
necessary for a secure system.
Whether or not ACL's, MAC labels, and whatnot are good security features is a entirely different discussion.
If you are going to implement such feature, then they
must be writing with quality code or else there
will be security holes.
In any case, ACL's are not a magic bullet for a secure system, point in case being the MS Windows Nt/2000/XP/Vista/7 systems, which all have ACLs are are not exactly widely known for their security
