On Sat, 18 Aug 2007 01:29:58 EDT, Kyle Moffett said:

> XFCE. If you can show me a security system other than SELinux which
> is sufficiently flexible to secure those 2 million lines of code
> along with the other 50 million lines of code found in various pieces
> of software on my Debian box then I'll go put on my dunce hat and sit
> in the corner.

/me hands Kyle a dunce cap. :)

Unfortunately, I have to agree that both AppArmor and Smack have at least the potential of qualifying as "securing the 2M lines of code".

The part that Kyle forgot was what most evals these days call the "protection profile" - What's the threat model, who are you defending against, and just how good a job does it have to do?

I'll posit that for a computer that is (a) not networked, (b) doesn't process sensitive information, and (c) has reasonable physical security, a security policy of "return(permitted);" for everything may be quite sufficient.

(Of course, I also have boxes where "the SELinux reference policy with all the MCS extensions plus all the LSPP work" is someplace I'm trying to get to).