Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965023AbVJDWcd (ORCPT ); Tue, 4 Oct 2005 18:32:33 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965024AbVJDWcd (ORCPT ); Tue, 4 Oct 2005 18:32:33 -0400 Received: from h80ad254c.async.vt.edu ([128.173.37.76]:48357 "EHLO h80ad254c.async.vt.edu") by vger.kernel.org with ESMTP id S965023AbVJDWcc (ORCPT ); Tue, 4 Oct 2005 18:32:32 -0400 Message-Id: <200510042232.j94MWQR4006568@turing-police.cc.vt.edu> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.1-RC3 To: John Richard Moser Cc: linux-kernel@vger.kernel.org Subject: Re: The price of SELinux (CPU) In-Reply-To: Your message of "Tue, 04 Oct 2005 16:10:10 EDT." <4342E1A2.7080008@comcast.net> From: Valdis.Kletnieks@vt.edu References: <434204F8.2030209@comcast.net> <200510041539.j94FdJmO028772@turing-police.cc.vt.edu> <4342C9F1.2000005@comcast.net> <200510041943.j94Jhj4C007314@turing-police.cc.vt.edu> <4342E1A2.7080008@comcast.net> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1128465145_2752P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 04 Oct 2005 18:32:25 -0400 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1879 Lines: 47 --==_Exmh_1128465145_2752P Content-Type: text/plain; charset=us-ascii On Tue, 04 Oct 2005 16:10:10 EDT, John Richard Moser said: > > And the other users are users as well - what if the other user's "idiotic > > action" is to nuke your 500Mbyte archive of alt.binaries.pictures.llama.sex > > that's taking up the disk space that is keeping him from running the payroll > > software? In your world, rather than him being able to fix the problem, he has > > to go find a sysadmin with the root password to fix it, causing delays and > > being less friendly.... > Oh sure, except that. . . > > 1) You shouldn't be screwing with the payroll system > 2) You're quota'd on any good setup Ahem. You're adding in more "user unfriendly" constraints again. :) > In the end, massive, intrusive security is not exactly the best thing > for security's sake; but anything you can get away with significantly > cleanly (i.e. you don't break 99% of the applications on 99% of home > users' desktops) is worth immediate focus for those who are so inclined. Good. Now hand me that crystal ball that lets us know for sure which of those two categories any given security measure falls into. How often do we see "this shouldn't break anything" patches on this list that do, in fact, manage to break something anyhow? --==_Exmh_1128465145_2752P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFDQwL5cC3lWbTT17ARAgLOAJ0XFB9Kd2278SGOIMpQtzhS+fUAhQCgvOFj fm0HGq3nfPR2mn2Wh04qXkU= =KRov -----END PGP SIGNATURE----- --==_Exmh_1128465145_2752P-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/