SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Desktop apps interoperability This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Next in thread ] From: Casey Schaufler <casey_at_schaufler-ca.com> Date: Wed, 30 Mar 2005 09:27:51 -0800 (PST) Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote: > On Wed, Mar 30, 2005 at 09:04:26AM -0800, Casey > Schaufler wrote: > > > Yes, and I'm sure that you can do a configuration > > of most application defaults that will be good > > enough to demo. Application developers tend to > > have their own ideas regarding data storage and > > it is a bad idea for a system developer to > > interfere with said application developer's > > freedom to inovate. > > ... application developer's freedom to impose > insecurity, > through ignorance on the part of the app-developer, > upon > the users? What ignorance? The developer codes to the published policies (e.g. uids, modes, capabilities) and everything works within the published policy. Some stranger comes along and without warning arbitrarily imposes additional policy on the application that the developer has so carefully crafted, often without looking at the code to see what the developer's intent might have been. > no offense intended: None taken. I buy skin thickener in 55 gallon drums. > freedom in an abstract concept > [e.g. "the american way"] > _always_ has limits - laws / rules / policy > is defined to confine > that freedom, for good or worse. Yup. So long as those limits can be known by the "free" entity all is good. When additional constraints can be added whimsically there is bound to be resistance. Casey Schaufler casey@schaufler-ca.com Do you Yahoo!? Make Yahoo! your home page http://www.yahoo.com/r/hs -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 30 Mar 2005 - 12:29:06 EST This message: [ Message body ] Next message: Ivan Gyurdiev: "Re: Desktop apps interoperability" Previous message: Stephen Smalley: "Re: Desktop apps interoperability" Next in thread: Casey Schaufler: "Re: Desktop apps interoperability" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom