On Wed, Dec 07, 2011 at 10:44:55AM -0800, Linda Walsh wrote:
Cristian RodrC-guez wrote:
On 07/12/11 10:49, Marcus Meissner wrote:
"principle of least privilege" is probably the better wording.
Which usually becomes the "principle of least possible usability" :-(
---- Bingo.
Principle of least privilege is great for systems designed to constrain and control users. You want to keep users under your thumb and allow them nothing unless they need it. That how the US government is becoming... ... long e-mail deleted ... Please think about that Marcus. I'm 100% with you in having the *options* for strong hardening present, but don't think they should be the default... it's not the write-mindset for the space, IMO....
After your very long e-mail I have one question... Do you think that security has a too tight grasp on the current openSUSE releases up to now? If you are happy with the current state ... ... then my teams work is sufficiently balanced security vs features, as we are watching over openSUSE since the beginning. My intention originally was not to go and veto useful features. The intention was to bring up awareness that there is risk and how to keep them lower. That said I currently see nothing in debugfs that warrants a veto from security side, except perhaps having a way to mount it root-only or disable it easily for people hardening systems. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org