Stephen John Smoogen wrote:
Should all (R) be listed at the bottom of the chapter with who owns
the registered trademark? I only ask because I am trying to figure out
who has a trademark for the word Enforcement later on.
In the HTML build and on the wiki, there are the following pages:
<http://mdious.fedorapeople.org/drafts/html/chap-SELinux_User_Guide-Important_Trademark_Information.html>
<http://fedoraproject.org/wiki/Docs/Drafts/SELinux_User_Guide/SELinux_Implementation_Phase/Trademarks>
The page was copied from a previous guide, and was first created from
advice from the legal team here...
* Prevention against privilege escalation. Since subjects run in domains,
and are therefore separated from each other, and rules determine how
subjects access objects and other subjects, if a service is compromised, the
attacker only has access to the normal functions of that service, and to
files that the service has been configured to have access to. For example,
if the Apache HTTP Server is compromised, an attacker is unable to read
files in user home directories, unless a specific rule was added or
configured to allow such access.
I worry about the word prevention.. it implies impossibility. Selinux
discourages privilege escalation but a hole in a policy could still
allow for privilege escalation.
Great point! I'll work on changing it to something more suitable.
Thanks again.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
