[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security patches

[moved to debian-security, where it belongs]

On Sat, 2003-11-29 at 22:47, David Spreen wrote:

> Even if you're perfectly right with that, I consider it important to
> provide our users the possibility to make their own choice regarding the
> acl systems to use.

You always have a choice to upload the security system of your choice to
Debian, and make sure it works well with Debian, as Russell has done for
SELinux.  So far no one has done so for grsecurity or RSBAC.

> Nevertheless I again would like to suggest a policy that forces the
> maintainers of packages to deliver informations about used system
> resources
> of their programs. the system could use a db of installed-package
> resources. Therefore we would need to create a common language that
> could be translated to any acl-format.

This doesn't make sense.  The basis of SELinux is Type Enforcement and
RBAC, not ACLs.  

Trying to create some sort of "generic" security policy that could map
to a SELinux policy or grsecurity policy would be very difficult, and I
wouldn't trust my system's security to such a thing.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: