From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <at@altlinux.ru>
Date: Sun, 9 Mar 2008 09:59:09 +0300
From: Alexey Tourbin <at@altlinux.ru>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <20080309065909.GA24653@solemn.turbinal>
Mail-Followup-To: ALT Linux Team development discussions
	<devel@lists.altlinux.org>
References: <e12fd2db0803080900x47641afao4b0961bf33a9cbee@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vkogqOf2sHV7VnPd"
Content-Disposition: inline
In-Reply-To: <e12fd2db0803080900x47641afao4b0961bf33a9cbee@mail.gmail.com>
Subject: Re: [devel] =?koi8-r?b?U0VMaW51eCDXINHE0sHIIEFMVA==?=
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Mar 2008 06:59:12 -0000
Archived-At: <http://lore.altlinux.org/devel/20080309065909.GA24653@solemn.turbinal/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--vkogqOf2sHV7VnPd
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 08, 2008 at 07:00:52PM +0200, Eugene Ostapets wrote:
> =F1 =D0=CF=CE=C9=CD=C1=C0, =DE=D4=CF =CD=CE=CF=C7=C9=CD =D0=D2=CF=DD=C5 =
=D2=C1=D3=D0=C9=C8=C1=D4=D8 =D3=C5=D4=C5=D7=D9=C5 =D3=C5=D2=D7=C9=D3=D9 =D0=
=CF =CF=D4=C4=C5=CC=D8=CE=D9=CD
> =CB=CF=CE=D4=C5=CA=CE=C5=D2=C1=CD, =C1 =CE=C5 =DA=C1=CE=C9=CD=C1=D4=D8=D3=
=D1 =CE=C1=D3=D4=D2=CF=CA=CB=CF=CA =CD=C1=CE=C4=C1=D4=CE=CF=CA =D3=C9=D3=D4=
=C5=CD=D9
> =C2=C5=DA=CF=D0=C1=D3=CE=CF=D3=D4=C9, =CE=CF...

=EB=D3=D4=C1=D4=C9, =CE=C1=D5=DE=CE=D9=CA =D0=D2=CF=C6=C5=D3=D3=CF=D2 DJB =
=E2=C5=D2=CE=DB=D4=C5=CA=CE =D3=DE=C9=D4=C1=C5=D4, =DE=D4=CF SELinux
=CE=C9=DE=C5=C7=CF =CE=C5 =C4=C1=A3=D4 =C9 =CE=C9=C6=C9=C7=C1 =CE=C5 =CE=D5=
=D6=C5=CE.

	I have become convinced that this "principle of least privilege"
	is fundamentally wrong. Minimizing privilege might reduce the
	damage done by some security holes but almost never fixes the
	holes. Minimizing privilege is not the same as minimizing the
	amount of trusted code, does not have the same benefits as
	minimizing the amount of trusted code, and does not move us any
	closer to a secure computer system.

http://cr.yp.to/qmail/qmailsec-20071101.pdf

--vkogqOf2sHV7VnPd
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkfTir0ACgkQfBKgtDjnu0aluwCeKTu9aTGODbeOoek5Eta9nKLZ
d34Anjx3W7Ct25QdzK/4sVMbT2K58PAE
=tNOa
-----END PGP SIGNATURE-----

--vkogqOf2sHV7VnPd--