From: Joachim Blaabjerg <styx@SuxOS.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Secure Gentoo
Date: 06 Mar 2002 21:50:05 +0100
Message-ID: <1015447826.15423.36.camel@elysium.suxos.org>
In-Reply-To: <20020306162404.1ebb3670.nic_spam@yahoo.ca>

On Wed, 2002-03-06 at 22:24, Nic Desjardins wrote:
> > > How paranoid should it be? My first plan was to create ACLs for each and
> > > every binary and deny almost everything else, but that might be too
> > > paranoid for most people. What do you think? How about three security
> > > levels (no ACLs, normal ACLs and very strict ACLs)?
> > The levels idea sounds like a nice idea, but it should be documented really well, so users can choose a good security level for their purposes.
> >
>
> I must make a note here, usually with security levels it's too, how can I say this... 'generic', I mean you could look at how buggy a daemon has been in the past and have it marked level 4 security and other stuff too, but I usually think of security as something the user sets up himself. I like it this way.
> The other thing is, the user installs/starts the servers he wants, so there is no real need for security levels since the user will really do whatever he wants.

Well, I tend to agree, but most users would want to have a starting
point somewhat close to what they're trying to achieve. The security
levels I'm speaking of are simply levels of strictness (or, 'security'
if you will) in ACLs, not the entire system. Writing those ACLs is a
tedious process, and it involves a lot of debugging and strace'ing a
normal user in need of security simply wouldn't want to get into.

--
Joachim Blaabjerg
styx@SuxOS.org
www.SuxOS.org