Shane Kerr wrote:

> On 2001-04-24 00:27:58 +0000, Crispin Cowan wrote:
> > I submit that the number is "very nearly zero." At the moment,
> > anyway, I'm more convinced by the arguments that a well-constructed
> > app. just does what it is supposed to do, and doesn't try to probe to
> > see what is permitted.
>
> I (mostly) agree with this. One thing that does make me wonder if there
> should be a standard (or even recommendation) for allowing
> administrators to examine permissions.

Since permissions is a per-module thing, checking permissions also needs to be per module. For instance, under SubDomain you check permissions by going & looking at the conf files. Under SELinux, there appear to be system calls & utilities to do that. Standardizing these very different models would be hard.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 08:59:48 PDT