On Fri, Mar 12, 2004 at 04:03:34PM -0800, Crispin Cowan wrote:
> Jose Nazario wrote:
>
> >SELinux. LIDS. systrace (Linux, BSD, MacOS X). a few things on FreeBSD i
> >can't recall.
> >
> SubDomain predates all of these except for SELinux (which has roots that
> go back nearly 20 years) and LIDS go
> This is exactly what Immunix SubDomain does: define the files and
> network activities that each program may access. We use regular
> expressions to specify policy, so for instance, fingerd could be
> permitted to read /home/*/.plan and not read anything else.
I'm glad to hear that SubDomain
Jared W. Robinson wrote:
This is exactly what Immunix SubDomain does: define the files and
network activities that each program may access. We use regular
expressions to specify policy, so for instance, fingerd could be
permitted to read /home/*/.plan and not read anything else.
I'm glad
Hi Crispin,
Thanks for the detailed response and comparison of SubDomain to SELinux
and systrace.
As I understand it, if SubDomain-restricted program A starts program B,
then B is governed by the SubDomain rules for B, and not by the rules of
A. Correct?
In theory, an attacker that compromise