On Wed, 2002-03-06 at 22:24, Nic Desjardins wrote:

> > > How paranoid should it be? My first plan was to create ACLs for each and
> > > every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACLs)?
> > The levels idea sounds like a nice idea, but it should be documented really well, so users can choose a good security level for their purposes.
> >
>
> I must make a note here, usually with security levels it's too, how can I say this... 'generic', I mean you could look at how buggy a daemon has been in the past and have it marked level 4 security and other stuff too, but I usually think of security as something the user sets up himself. I like it this way.
> The other thing is, the user installs/starts the servers he wants, so there is no real need for security levels since the user will really do whatever he wants.

Well, I tend to agree, but most users would want to have a starting
point somewhat close to what they're trying to achieve. The security
levels I'm speaking of, are simply levels of strictness (or, 'security'
if you will) in ACLs, not the entire system. Writing those ACLs is a
tedious process, and it involves a lot of debugging and strace'ing a
normal user in need of security simply wouldn't want to get into.

--
Joachim Blaabjerg
styx@×××××.org
www.SuxOS.org