Rogelio M. Serrano Jr. wrote:
> Dr. David Alan Gilbert wrote:

>> Allowing a user to tweak (under constraints) their settings might allow
>> them to do something like create two mozilla profiles which are isolated
>> from each other, so that the profile they use for general web surfing
>> is isolated from the one they use for online banking.

> Doesnt this allow the user to shoot their own foot? The exact thing
> mandatory access control are supposed to prevent?

cat `which mozilla` > ~/bin/mymozilla; chmod +x ~/bin/mozilla; mymozilla

Unless you lock down the system to a state where it's barely usable, MAC
isn't going to protect you from shooting your own feet. But having more
restricted roles and a safe way of activating them (as in "damn obvious
if or if not this role is active"), you can have e.g. one mozilla for
banking and one for pr0n.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at