
Re: ifupdown writes to /etc... a bug?



On Sun, 23 Mar 2003 00:22, Manoj Srivastava wrote:
> >> On Sat, 22 Mar 2003 21:07:39 +0100,
> >> Russell Coker <russell@coker.com.au> said:
> >>
>  > R/o root provides far less security than vserver, SE Linux, or
>  > systrace will provide.
>  >
>  > Why force developers to do more work for a ro root than is being
>  > done for more serious security measures.
>
> 	Hmm, I am finding this argument compelling. Could you
>  document what you think needs to be done to make SE Debian a
>  possibility?

The /usr/share issue discussed here over the last few days is one issue to 
resolve.  But it's not really serious, just an annoyance for everyone 
involved.

The main issue holding up SE Debian at the moment is the release of Linux 
2.6.0.  Linux 2.6.0 will have better portability support for LSM and SE 
Linux, the aim of which is that there should be no portability issues.

Currently I can't get support for SE Linux in base packages such as login and 
ssh because it doesn't compile on all architectures.

Most other things are getting done.  For example, several changes have been 
made to PostgreSQL to make it work better with SE Linux, but these changes 
(like most SE Linux related changes) also provide benefits for non-SE users.


In summary, /usr/share is the most serious issue related to SE Linux that can 
be addressed within Debian at the moment.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


