Crispin Cowan wrote: > * The honeypot-like features that we did *not* choose to support in > LSM 1 would enable cool stuff like faking out the low ports that > GNOME wants. This would help in that you could run your GNOME > skank ware :-) in a kind of a sandbox where it *thinks* it is > getting access to low ports, but really isn't. From some private comments, I gather I was a little hard on the GNOME. No, I don't hate GNOME; in fact, I run GNOME on my desktop. However, I am underwhelmed with the business about opening low-numbered ports. I gather this is in aid of some CORBA-esque distributed object features that GNOME has (or had) ambitions about. I suggest that the people who thought this was a good idea should go read Bill Gates memo http://www.informationweek.com/story/IWK20020118S0093 because the GNOME, in enabling these features without provisioning to secure them, is making the same mistake that Microsoft makes when they enable scripting in their mail client. Sure, it makes it more convenient, but at what cost? Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html The Olympic Games: A Century of Corruption and Graft The FIS: Crushing the soul of snowboarding _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 20:41:08 PST