Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview

On Fri, 2006-04-28 at 08:49 -0700, Casey Schaufler wrote:
> 
> --- Stephen Smalley <[email protected]> wrote:
> 
> 
> > But this is a temporary situation, until we have the
> > infrastructure and
> > tools developed to make MAC truly manageable by
> > typical end users.  Not
> > an inherent problem.
> 
> Oh come on! I've been hearing that saw continuously
> since 1987. Mandatory MAC (as opposed to targeted MAC)
> is hard on sysadmins. It will remain so. SELinux,
> Trusted Solaris, Trusted IRIX, and anyone else are all
> a pain in the bum and will remain so.

Grouping SELinux with previous trusted systems doesn't make sense to me.

Administering non-MLS SELinux systems is already easier than
administering traditional MAC systems like Trusted Solaris and Trusted
IRIX. Much of the pain from traditional MAC systems comes from the
mismatch between MLS and the real world of unix and unix administration.
I know that you will disagree with this because you believe that MLS and
BIBA are simpler than TE, but that doesn't match my experience or the
feedback we get from our customers.


Karl

-- 
Karl MacMillan
Tresys Technology
www.tresys.com

> Tools are going
> to help only to a limited extent, they never make all
> the pain go away. Smarter people than I have been
> working on the problem for 20 years and I believe that
> it's safe to say there is no magic wand that will
> make the problems all go away.
> 
> I like MAC. I like the Iron Fist approach to software
> security. I just don't believe that there's a glove
> with velvet thick enough to please the masses.
> 
> 
> Casey Schaufler
> [email protected]
