
Re: SE Linux vs. RSBAC (was Re: have I been rooted?)



On March 22, 2003 05:07 am, Russell Coker wrote:

> > Are you still maintaining the SE Linux packages, is it possible to
> > install an SE Linux Woody system?
>
> I am maintaining packages for Debian/Unstable, Brian is maintaining
> packages for Woody.
>
> At the sourceforge web site go to the "Docs" link and the first document
> explains how to install SE Linux on Debian.
> http://sourceforge.net/projects/selinux/

Perfect, that is the link (and reassurance) that I was looking for.

> The "Trusted Debian" project is based on RSBAC which is not as widely
> supported as SE Linux.  Also it is based around the idea of re-packaging
> all Debian software which is a huge amount of work.  I currently maintain
> 21 Debian packages for SE Linux which is more than enough work, maintaining
> a fork of all the base packages would be a huge amount of work.

Hmmm, that's almost the opposite of what they say (see 
http://www.trusteddebian.org/rsbac.html):

- SE-Linux makes extensive changes to existing Linux tools, possibly leading
  to a horrible versioning mess and delays in security updates
- RSBAC does not need any changes to existing tools, although it could benefit
  from such changes.

Still, I don't agree with most of their statements ... RSBAC may be a great 
project, and I hope that it works out, but I am more inclined to trust code 
that was developed at the NSA and audited by many developers than a project I 
have only just heard about, a project which may have only a single developer 
(or at least a pretty quiet mailing list).  

> Also there seems to be no information on who makes this "Trusted Debian". 
> The mailing list archives are broken links and there is no public
> information on who is behind the project.

The list archive worked for me ... http://www.rsbac.org/pipermail/rsbac/

Thanks for the feedback and SE-Linux link.  I have already read the HOWTO and 
compiled a Debian kernel for myself; before proceeding I will read the FAQ on 
NSA's site.
-- 
Fraser Campbell <fraser@wehave.net>                     http://wehave.net/
Brampton, Ontario, Canada                                     Debian GNU/Linux


