Summary of Informal SELinux Meeting on May 6, 2004

Luke Kenneth Casson Leighton lkcl at lkcl.net
Fri Jun 4 11:15:23 UTC 2004


On Fri, Jun 04, 2004 at 06:03:23PM +1000, Russell Coker wrote:
> On Fri, 4 Jun 2004 05:57, Luke Kenneth Casson Leighton <lkcl at lkcl.net> wrote:
> >  all in the same single monolithic daemon that bound itself
> >  to several different ports and several different unix domain
> >  sockets, you wouldn't seriously consider saying that "this
> >  hybrid is a trusted application" would you?
> 
> "trusted" in this context does not mean "the code is great and we can totally 
> trust it", but rather "due to the design of the system we have no choice but 
> to trust it as it can totally break the security if it has a problem".
 
 well, the thing is that if you use samba-tng, you _do_ have a choice.

 each service is separated into its own daemon.

 you might want to mention this to the samba team because they were
 totally (and technically unjustifiably) unreasonably adamant that
 no such thing would be implemented in samba(3).

 "it's too slow"

 "using unix domain sockets is insecure"

 were my favourites.

 l.




More information about the fedora-selinux-list mailing list