| 1 |
On Wed, 2002-03-06 at 22:24, Nic Desjardins wrote: |
| 2 |
|
| 3 |
> > > How paranoid should it be? My first plan was to create ACLs for each and |
| 4 |
> > > every binary and deny almost everything else, but that might be too |
| 5 |
> > > paranoid for most people. What do you think? How about three security |
| 6 |
> > > levels (no ACLs, normal ACLs and very strict ACls)? |
| 7 |
> > The levels idea sounds like a nice idea, but it should be documented really good, so users can choose a good security level for their purposes. |
| 8 |
> > |
| 9 |
> |
| 10 |
> I must make a note here, usually with security levels its too, how can I say this... 'generic', I mean you could look at how buggy a daemon has been in the past and have it marked level 4 security and other stuff too, but I usually think of security as something the user sets up himself. I like it this way. |
| 11 |
> The other thing is, the user installs/starts the servers he wants, so there is no real need for security levels since the user will really do whatever he wants. |
| 12 |
|
| 13 |
Well, I tend to agree, but most users would want to have a starting |
| 14 |
point somewhat close to what they're trying to achieve. The security |
| 15 |
levels I'm speaking of, are simply levels of strictness (or, 'security' |
| 16 |
if you will) in ACLs, not the entire system. Writing those ACLs is a |
| 17 |
tedious process, and it involves a lot of debugging and strace'ing a |
| 18 |
normal user in need of security simply wouldn't want to get into. |
| 19 |
|
| 20 |
-- |
| 21 |
Joachim Blaabjerg |
| 22 |
styx@×××××.org |
| 23 |
www.SuxOS.org |
Archives