Re: Security patches

To: Colin Walters <walters@verbum.org>, debian-security@lists.debian.org
Subject: Re: Security patches
From: Russell Coker <russell@coker.com.au>
Date: Sun, 30 Nov 2003 15:54:57 +1100
Message-id: <[🔎] 200311301554.57246.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 1070164421.8382.46.camel@nexus.verbum.private>
References: <64136.217.227.192.26.1070164041.squirrel@hole.netzwurm.de> <[🔎] 1070164421.8382.46.camel@nexus.verbum.private>

On Sun, 30 Nov 2003 14:53, Colin Walters <walters@verbum.org> wrote:
> On Sat, 2003-11-29 at 22:47, David Spreen wrote:
> > of their programs. the system could use a db of installed-package
> > resources. Therefore we would need to create a common language that
> > could be translated to any acl-format.
>
> This doesn't make sense.  The basis of SELinux is Type Enforcement and
> RBAC, not ACLs.

I think that was just a terminology error.

> Trying to create some sort of "generic" security policy that could map
> to a SELinux policy or grsecurity policy would be very difficult, and I
> wouldn't trust my system's security to such a thing.

It would be difficult, and the output of such a program would need to be 
checked by a human.  But such a program should be able to at least reduce the 
difficulty of writing new policy.

Maybe if Brian May is interested in getting a second Ph.D he can look at it...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- Re: Security patches
  - From: Colin Walters <walters@verbum.org>

Prev by Date: Re: Security patches
Next by Date: Re: Security patches
Previous by thread: Re: Security patches
Next by thread: packages.debian.org
Index(es):
- Date
- Thread