> It is a product of academics employed by NSA, and so of questionable practical
> use for people who are dealing with system admin and security issues on daily
> basis.

Not exactly. It's the product of sixty years of work on security models in all sorts of areas. This particular implementation was done initially by the NSA along with similar code for other OSs, but it's not entirely NSA code or ideas, far from it.

Security models are complex for a complex system. That would appear to be unavoidable given the law of necessary variety.

> http://fedoraproject.org/wiki/Features/RemoveSETUID

Capabilities help with a few small problems in reducing the privileges of some things that could be subject to attack but don't need that degree of rights. Doesn't really help against things like browser-based attacks where you need a model that can express things like "web browsers don't XYZ".

Alan