Rogelio M. Serrano Jr. <[EMAIL PROTECTED]> wrote: > Dr. David Alan Gilbert wrote:
>> Allowing a user to tweak (under constraints) their settings might allow >> them to do something like create two mozilla profiles which are isolated >> from each other, so that the profile they use for general web surfing >> is isolated from the one they use for online banking. >> >> > Doesnt this allow the user to shoot their own foot? The exact thing > mandatory access control are supposed to prevent? cat `which mozilla` > ~/bin/mymozilla; chmod +x ~/bin/mozilla; mymozilla Unless you lock down the system to a state where it's barely usable, MAC isn't going to protect you from shooting your own feet. But having more restricted roles and a safe way of activating them (as in "damn obvious if or if not this role is active"), you can have e.g. one mozilla for banking and one for pr0n. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/