Re: AppArmor about to be merged into the kernel?

On 10-03-22 01:46:10, Don Quixote de la Mancha wrote:
> On Sun, Mar 21, 2010 at 10:34 PM, Ed Greshko <Ed.Greshko@xxxxxxxxxxx>
> wrote:
> > Some people will point out that AppArmor comes from the Novell 
> > folks and is already integrated with openSUSE.  They would also 
> > remind folks of the collaboration between Novell and Microsoft.
> >
> > So, when reading the various comparisons make sure you know which
> > bias may be in play.
> 
> Heh.  That's a good point, but I would remind all of you that SELinux
> comes from No Such Agency.
> 
> Which Evil is the Lesser?

Of the TLAs, the NSA is the only one that has ever earned our trust, at 
least in matters of security.  The classic example comes from DES, 
which NSA changed slightly for reasons they would not disclose.  A 
decade or two later, differential attacks were publicly discussed, and 
it turned out that DES was immune to them because of the NSA's changes 
to it.  Trust is earned, and NSA has earned it as other TLAs have failed 
to.  All of SELinux is public and open, and it will all have been 
looked at and commented on by very untrusting people.

AFAIK, and I really don't, AppArmor is like locking the front door to 
one's house, and possibly locking the back door as well if one 
remembers to, while normal *nix security (permissions) is more like 
putting the valuable data into a safe, so it is locked even if a window 
is left open.  SELinux uses the *nix model, of locking the inode, not 
the pathname to the inode.  AIUI, Security people object to AppArmor as 
being fundamentally insecure, so if SELinux worked that way, it would 
have been about as much effort as it has been without any real 
security.  But what do I know.

-- 
____________________________________________________________________
TonyN.:'                       <mailto:tonynelson@xxxxxxxxxxxxxxxxx>
      '                              <http://www.georgeanelson.com/>

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

