On Thu, 2007-09-20 at 13:19 +0000, Kevin Kofler wrote:
Richi Plana <myfedora <at> richip.dhs.org> writes:
> Why would anyone want an application to run, anyway, that has the
> potential of bringing down the system or accessing other users' files?
Unfortunately, when you're the only user on the system, running your
applications as your regular user won't help much, they can still eat all your
files. You'd have to run applications like browsers as a different user to take
advantage of the user-based security model, and I don't see many people doing
that.
Yeah. And a user-based, micro-level SELinux policy would probably be
overkill. I suppose there's no point in restricting access of media
players to only multimedia files or write access to files not marked for
editing. There comes a point when the only solution is to fix the
application.
--
Richi Plana