[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

On Wed, 2 Apr 2003 15:58, Tommi Virtanen wrote:
> On Sun, Mar 23, 2003 at 12:27:54AM +0100, Russell Coker wrote:
> >                                       One thing to consider is that
> > increasing complexity is the enemy of security.
> 	Heh. And how do you rationalize pushing SE Linux, which tends
> 	to accumulate huge policies bordering on human comprehension?

SE Linux is based on the LSM interface which only permits restrictive 
controls.  SE Linux can not allow an operation that is otherwise denied by 
Unix permissions.

Therefore if SE Linux goes wrong the worst-case scenario is that the machine 
is equally secure as a machine running a regular Linux kernel.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: