Trixter -- why do your emails come in with an X-Unknown character set? drives me nuts... I have to copy and paste your replies.
trixter wrote:
it also relies upon linux, and not everyone using asterisk is using linux. Anything that further ties asterisk to a particular operating system seems counterproductive. systrace would likely be a better unix alternative than selinux given what selinux does (generally speaking it adds a 3rd id to the uid/gid pair).
While systrace can be useful, it is yet another piece of software you need to maintain and can open security bugs. Most of the 1.6x updates of Systrace are due to CERT security bulletins or privilege escallation bugs. It's great for making sure users on the box are being good, but since we're talking about a server, not a multi-user login-able system, systrace is more of a 3rd line of defense than 1st. Plus it may open you to MORE risk, due to the occasional security bug in systrace, especially if you aren't good at keeping up with the latest versions. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy [email protected] http://www.angryox.com/ ---------------------------------------------------------------------------
On Tue, 2009-03-10 at 21:58 -0400, Peter Beckman wrote: > Using SeLinux still relies on one knowing which boxes to check and > uncheck, what happens when you check or uncheck a box, and how to > configure it to be secure. Besides, it's overkill if you are running an > Asterisk box. > it also relies upon linux, and not everyone using asterisk is using linux. Anything that further ties asterisk to a particular operating system seems counterproductive. systrace would likely be a better unix alternative than selinux given what selinux does (generally speaking it adds a 3rd id to the uid/gid pair). This still makes it somewhat harder for the windows port of asterisk, which I dont know how much of that still works, I know that some of it got broken by other patches after it was working, I do not know if it has been updated to allow for asterisk to run in windows. -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
signature.asc
Description: This is a digitally signed message part
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
