Alan M. Evans wrote:
On Fri, 2007-09-21 at 01:48 -0500, Mike McCarty wrote:
The firewall intends to prevent compromise.
SELinux intends to mitigate damage on a compromised machine.
I think a better description would be that SELinux intends to keep a
compromised application from becoming a compromised system.
One of the technical terms for that is Fault Isolation. I've designed
some Fault Isolation systems, myself.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
