[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security patches

On Sun, 30 Nov 2003 14:53, Colin Walters <walters@verbum.org> wrote:
> On Sat, 2003-11-29 at 22:47, David Spreen wrote:
> > of their programs. the system could use a db of installed-package
> > resources. Therefore we would need to create a common language that
> > could be translated to any acl-format.
> This doesn't make sense.  The basis of SELinux is Type Enforcement and
> RBAC, not ACLs.

I think that was just a terminology error.

> Trying to create some sort of "generic" security policy that could map
> to a SELinux policy or grsecurity policy would be very difficult, and I
> wouldn't trust my system's security to such a thing.

It would be difficult, and the output of such a program would need to be 
checked by a human.  But such a program should be able to at least reduce the 
difficulty of writing new policy.

Maybe if Brian May is interested in getting a second Ph.D he can look at it...

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: