-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gabriel Sechan wrote:
| What we really need are more fine grained permissions. Right now,
| all we have is root/not root. All or nothing. What really needs
| to be done is to allow file IO, network IO (of all different types-
| TCP, UDP, listen(), and connect() by port), execute, etc to be set
| separately. So you can set Apache to allow incoming connections
| on port 80 and read from /http, but not allow it to execute a
| program. All programs start with minimum permissions, and the OS
| queries the user for more if needed. Ideally permission sets
| could be saved so you can start a program with pre-arranged
| privileges each time. Oh, and normal users could not grant
| additional privileges beyond read/write in their own home.

SE Linux does all of the above. And it comes standard with FC3.

- --
Tracy Reed
http://ultraviolet.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCNUcW9PIYKZYVAq0RAnGlAJ4vxGQkg+Zj31F7grvZLfJA1nMgeQCfTSPO 4r2JwmsVmTuJd1aMXaW65ms= =ldFA -----END PGP SIGNATURE-----
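
The Apache case from the quoted message, modelled as SELinux type-enforcement rules with deny-by-default evaluation. This is an added example, not part of the original thread and not SELinux's own code; the type names follow the SELinux reference policy, and labelling /http as httpd_sys_content_t and port 80 as http_port_t is an assumption.

```python
import re

# Constructed policy fragment in SELinux "allow" rule syntax.
# Assumption: /http is labelled httpd_sys_content_t, port 80 is http_port_t.
POLICY = """
allow httpd_t http_port_t:tcp_socket { name_bind };
allow httpd_t httpd_sys_content_t:file { read getattr };
allow httpd_t httpd_sys_content_t:dir { search getattr };
"""

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")


def load_policy(text):
    """Parse allow rules into {(source, target, class): set(perms)}."""
    table = {}
    for src, tgt, cls, perms in RULE.findall(text):
        table.setdefault((src, tgt, cls), set()).update(perms.split())
    return table


def allowed(table, src, tgt, cls, perm):
    """Deny by default: access is granted only if an allow rule names it.
    The caller's UID is never consulted, so running as root changes nothing."""
    return perm in table.get((src, tgt, cls), set())


def audit(table, requests):
    """Return (verdict, request) pairs for (src, tgt, cls, perm) requests."""
    return [("granted" if allowed(table, *r) else "denied", r) for r in requests]


# Constructed access requests covering the cases in the quoted message.
REQUESTS = [
    ("httpd_t", "http_port_t", "tcp_socket", "name_bind"),     # listen on 80
    ("httpd_t", "httpd_sys_content_t", "file", "read"),        # read /http
    ("httpd_t", "httpd_sys_content_t", "file", "execute"),     # run a program
    ("httpd_t", "smtp_port_t", "tcp_socket", "name_connect"),  # outbound SMTP
    ("httpd_t", "user_home_t", "file", "read"),                # other files
]

if __name__ == "__main__":
    for verdict, (src, tgt, cls, perm) in audit(load_policy(POLICY), REQUESTS):
        print(f"{verdict:8} {src} -> {tgt}:{cls} {perm}")
```

Only the first two requests are granted; everything not named by an allow rule is denied.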
