From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Sun, 9 Mar 2008 09:59:09 +0300 From: Alexey Tourbin To: ALT Linux Team development discussions Message-ID: <20080309065909.GA24653@solemn.turbinal> Mail-Followup-To: ALT Linux Team development discussions References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd" Content-Disposition: inline In-Reply-To: Subject: Re: [devel] =?koi8-r?b?U0VMaW51eCDXINHE0sHIIEFMVA==?= X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.10b3 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Mar 2008 06:59:12 -0000 Archived-At: List-Archive: List-Post: --vkogqOf2sHV7VnPd Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 08, 2008 at 07:00:52PM +0200, Eugene Ostapets wrote: > =F1 =D0=CF=CE=C9=CD=C1=C0, =DE=D4=CF =CD=CE=CF=C7=C9=CD =D0=D2=CF=DD=C5 = =D2=C1=D3=D0=C9=C8=C1=D4=D8 =D3=C5=D4=C5=D7=D9=C5 =D3=C5=D2=D7=C9=D3=D9 =D0= =CF =CF=D4=C4=C5=CC=D8=CE=D9=CD > =CB=CF=CE=D4=C5=CA=CE=C5=D2=C1=CD, =C1 =CE=C5 =DA=C1=CE=C9=CD=C1=D4=D8=D3= =D1 =CE=C1=D3=D4=D2=CF=CA=CB=CF=CA =CD=C1=CE=C4=C1=D4=CE=CF=CA =D3=C9=D3=D4= =C5=CD=D9 > =C2=C5=DA=CF=D0=C1=D3=CE=CF=D3=D4=C9, =CE=CF... =EB=D3=D4=C1=D4=C9, =CE=C1=D5=DE=CE=D9=CA =D0=D2=CF=C6=C5=D3=D3=CF=D2 DJB = =E2=C5=D2=CE=DB=D4=C5=CA=CE =D3=DE=C9=D4=C1=C5=D4, =DE=D4=CF SELinux =CE=C9=DE=C5=C7=CF =CE=C5 =C4=C1=A3=D4 =C9 =CE=C9=C6=C9=C7=C1 =CE=C5 =CE=D5= =D6=C5=CE. I have become convinced that this "principle of least privilege" is fundamentally wrong. Minimizing privilege might reduce the damage done by some security holes but almost never fixes the holes. Minimizing privilege is not the same as minimizing the amount of trusted code, does not have the same benefits as minimizing the amount of trusted code, and does not move us any closer to a secure computer system. http://cr.yp.to/qmail/qmailsec-20071101.pdf --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iEYEARECAAYFAkfTir0ACgkQfBKgtDjnu0aluwCeKTu9aTGODbeOoek5Eta9nKLZ d34Anjx3W7Ct25QdzK/4sVMbT2K58PAE =tNOa -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd--