Just a quick response,

On Thursday 20 December 2007 10:08:56 am Michael Biebl wrote:
> 2007/12/19, Rainer Gerhards <[EMAIL PROTECTED]>:
> > Michael and all,
> >
> > It took me a while to craft a response to your excellent question. I have
> > done this as a blog post so that it is easier to reference it in the
> > future.
> >
> > I suggest that everyone interested in the v3 design has a look at it,
> > because it describes the way I am heading. If someone doesn't like that,
> > it is now time to speak up - in a few weeks it will probably be
> > impossible to change routes.
>
> Based on your recent blog post here are some thoughts of mine. Please
> keep in mind, that being (Debian) package maintainer, so I speak from
> a distributor's pov.
>
> 3.) Security
> You mentioned, that you try to improve security through modules.
> Usually, having loadable module support is considered a security risk.
> One messed up $IncludeConfig directive (or manipulated through a
> malicious attacker), and you load potentially hazardous modules.
> Loadable modules support introduces a much bigger attack vector.
>
> I'm not a SELinux guy. But I'd be interested if loadable modules could
> cause trouble in putting rsyslog in its own security domain. Maybe
> the Fedora guys can comment on this.

I'm not an SELinux guy either, but I don't see any problem here. Modules and
binary will be in the same domain.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

