2007/9/22, Joachim Schipper <[EMAIL PROTECTED]>:
> The OpenBSD developers are trying to make the most secure UNIX system
> they can; SELinux might or might not be secure, but it's not UNIX.

What part of SELinux is NOT Unix? Remember that all traditional Unix rwx permissions are still there.

>
> Additionally, it's not entirely clear whether it actually helps;

For example, for blocking some critical operations for ALL users, even root. Of course, that's the case when strict traditional Unix-awareness is not so critical as the security of the system by itself.

> SELinux configuration is, even at its best, a lot more complex than the
> equivalent UNIX-ish configuration. Thus, it becomes more likely that
> there will be either configuration or coding errors.

Every security feature, every OS improvement IS additional code. That's the problem of proper kernel and security policies audit, not SELinux as an idea.

>
> Joachim
>
> --
> TFMotD: kadmin (8) - Kerberos administration utility