Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> It is a product of academics employed by NSA, and so of questionable practical
> use for people who are dealing with system admin and security issues on daily
> basis.

Not exactly. It's the product of sixty years of work on security models
in all sorts of areas. This particular implementation was done initially
by the NSA along with similar code for other OSs but its not entirely NSA
code or ideas, far from it.

Security models are complex for a complex system. That would appear to be
unavoidable given the law of necessary variety.

> http://fedoraproject.org/wiki/Features/RemoveSETUID

Capabilities help with a few small problems in reducing the privileges
of some things that could be subject to attack but don't need that degree
of rights.

Doesn't really help against things like browser based attacks where you
need a model that can express things like "web browsers don't XYZ"

Alan
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux