Posted Sep 23, 2004 22:10 UTC (Thu) by walters
In reply to: Complexity
Parent article: An introduction to SELinux
How do you propose to transition uids? How to keep them unique? What about the problem of applications which will want to look up little details like the home directory or user name in /etc/passwd? How do I grant access to this new uid for certain objects?
That's just a random selection of generic problems.
Now, even if you ran mozilla under a separate uid, you'd have to grant it access to your X connection. And at that point, you've lost, since with X any malicious client can sniff keystrokes, spawn a terminal and synthesize rm -rf / into it, etc.
SELinux doesn't solve that either right now - but it will, once we have Security-Enhanced X. And that's already in development.
to post comments)