[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Desktop apps interoperability

To: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Subject: Re: Desktop apps interoperability
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Thu, 31 Mar 2005 13:16:50 -0500
Cc: selinux@xxxxxxxxxxxxx
In-reply-to: <20050331165116.92416.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <20050331165116.92416.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Thu, 2005-03-31 at 08:51 -0800, Casey Schaufler wrote:
> Existing MLS systems allow unprivileged
> applications to run unmodified. In at least
> one case that included an unmodified X server.
> You have to do at least as well as the unix MLS
> systems to be credible. You think that's a
> low bar, so you shouldn't have any trouble,
> right?

You can certainly allow applications to run unmodified on SELinux today.
But there can be benefit from modifying applications to provide stronger
isolation and true least privilege in the future.  And users do care
about these "unprivileged" applications corrupting or leaking their
data.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Re: Desktop apps interoperability
  - From: Casey Schaufler

Prev by Date: Mozilla Denials Question
Next by Date: Cron /null fd:use use denials
Previous by thread: Re: Desktop apps interoperability
Next by thread: Re: Desktop apps interoperability
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.