From: russell@coker.com.au (Russell Coker)
Date: Fri, 26 Sep 2008 07:03:22 +1000
Subject: [refpolicy] services_amavis.patch
In-Reply-To: <48DBF018.909@redhat.com>
References: <48DAA876.2030804@redhat.com> <200809251719.10269.russell@coker.com.au> <48DBF018.909@redhat.com>
Message-ID: <200809260703.25027.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Friday 26 September 2008 06:10, Daniel J Walsh wrote:
> I tend to think this is a good idea to look at some domains and start
> to combine them to simplify policy. The pendulum has swung too far
> towards least privs and needs to start coming back the other way. Email
> handling/spam filtering/virus checking is the worst example of this.

I don't agree with the blanket statement that the pendulum has swung too far
towards least privs. However, I think that there are some specific examples
which seemed to involve too many domains at the time they were created and
which never demonstrated a need for them.

One example is the Postfix and Qmail policy which I wrote knowing that there
were not security benefits in using so many domains. My plan for many years
has been to review both of them and determine which domains could be merged.
When I had time to work on this there were no tools to allow such analysis.
I'll have to get back to this.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development