Re: newrole using SELinux user identity for password lookups

On Wed, 2004-04-21 at 15:40, Stephen Smalley wrote:

> I'd rather move away from asking for a password at all in newrole, and
> substitute some other user confirmation mechanism (one that doesn't risk
> exposure of a secret).

Ok.  Well do you (or anyone else, Dan?) have any suggestions for the
short term?  For FC2 we could just tell users to always use 'su'.  The
unfortunate thing here is that Fedora users who are reading upstream
docs will get exactly the opposite information :/

> > Yeah.  It seems there is some work in this area going on:
> > http://shellcode.org/Kernel/tpe/
> 
> TPE is _not_ related to the classical notion of trusted path at all.
> Type Enforcement is a better mechanism for providing the equivalent
> functionality of TPE.   Trusted path is described in the latter part of
> http://www.nsa.gov/selinux/papers/inevitability/#2 , among other places.

I'd just briefly glanced at the TPE page.  Looking at it more carefully
I think you're right.


