[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Desktop apps interoperability

To: Stephen Smalley <sds@xxxxxxxxxxxxx>
Subject: Re: Desktop apps interoperability
From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Date: Wed, 30 Mar 2005 09:53:37 -0800 (PST)
Cc: selinux@xxxxxxxxxxxxx
In-reply-to: 6667
Sender: owner-selinux@xxxxxxxxxxxxx

--- Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Wed, 2005-03-30 at 09:04 -0800, Casey Schaufler
> wrote:
> > Well, the old unix way was for them to run as
> > a normal (unprivileged) user. No privilege, no
> > problem, right?
> 
> Did you miss the desktop talk at the SELinux
> symposium?  

The BOF? Oh, I was there. I have witnesses!

> TE (not DTE, different beast, ask me privately if
> you want a comparison
> paper) can operate transparently to the application,
> but you often can't
> achieve true least privilege without application
> modifications or
> changes in its conventional usage.  

Well, that will be a barrier to acceptance.


Casey Schaufler
casey@xxxxxxxxxxxxxxxx


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/ 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Desktop apps interoperability
  - From: Stephen Smalley

Prev by Date: Re: Desktop apps interoperability
Next by Date: Re: Desktop apps interoperability
Previous by thread: Re: Desktop apps interoperability
Next by thread: Re: Desktop apps interoperability
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.