Re: Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

2015-10-29 Thread ludovic coues
> And, such an easy and accessible MAC can help minimizing
> the damage after breach as a last resort.

From what I've seen of OpenBSD, most of the mitigation is done here by privilege separation. For example, iked(8) is at least 3 processes running together. One process has access to the network

Re: Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

2015-10-29 Thread Peter J. Philipp
Hi,

There is IPC between the separated parts though. Which makes me wonder if someone gets the protocol right on the compromised part, they would be able to pull the certificates, no? What would need to be done to get the protocol right then?

Regards,
-peter

On 10/29/15 11:34, ludovic coues

Re: Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

2015-10-28 Thread Michael McConville
> Is there any opinion, policy or conclusion about newer & easier MAC
> implementation like Tomoyo or SMACK?

$ man pledge

That said, pledge is for trusted programs exposed to untrusted remote input, which differs from MAC frameworks meant to tame sketchy binaries.

Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

2015-10-28 Thread 김운하
I just finished 'Absolute OpenBSD 2nd edition' and drank too much OpenBSD kool-aid. I have some Linux experience (which helped a lot in flattening the learning curve for OpenBSD). I am doing research if there is any missing functionality preventing me changing server OS from Linux to OpenBSD. I found