From: Murray McAllister <mmcallis@redhat.com>
To: Stephen John Smoogen <smooge@gmail.com>
Cc: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: user guide draft: "Introduction" review
Date: Thu, 28 Aug 2008 09:32:15 +1000
Message-ID: <48B5E3FF.1090102@redhat.com>
In-Reply-To: <80d7e4090808270908p1453e001g2c26f8f7b06709f4@mail.gmail.com>

Stephen John Smoogen wrote:
> Should all (R) be listed at the bottom of the chapter with who owns
> the registered trademark? I only ask because I am trying to figure out
> who has a trademark for the word Enforcement later on.

In the HTML build and on the wiki, there are the following pages:

<http://mdious.fedorapeople.org/drafts/html/chap-SELinux_User_Guide-Important_Trademark_Information.html>
<http://fedoraproject.org/wiki/Docs/Drafts/SELinux_User_Guide/SELinux_Implementation_Phase/Trademarks>

The page was copied from a previous guide, and was first created from
advice from the legal team here...

>
>> * Prevention against privilege escalation. Since subjects run in domains,
>> and are therefore separated from each other, and rules determine how
>> subjects access objects and other subjects, if a service is compromised, the
>> attacker only has access to the normal functions of that service, and to
>> files that the service has been configured to have access to. For example,
>> if the Apache HTTP Server is compromised, an attacker is unable to read
>> files in user home directories, unless a specific rule was added or
>> configured to allow such access.
>>
>
> I worry about the word prevention... it implies impossibility. SELinux
> discourages privilege escalation but a hole in a policy could still
> allow for privilege escalation.

Great point! I'll work on changing it to something more suitable.

Thanks again.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.