Re: SE Linux vs. RSBAC (was Re: have I been rooted?)
On March 22, 2003 05:07 am, Russell Coker wrote:
> > Are you still maintaining the SE Linux packages, is it possible to
> > install an SE Linux Woody system?
>
> I am maintaining packages for Debian/Unstable, Brian is maintaining
> packages for Woody.
>
> At the sourceforge web site go to the "Docs" link and the first document
> explains how to install SE Linux on Debian.
> http://sourceforge.net/projects/selinux/
Perfect, that is the link (and reassurance) that I was looking for.
> The "Trusted Debian" project is based on RSBAC which is not as widely
> supported as SE Linux. Also it is based around the idea of re-packaging
> all Debian software which is a huge amount of work. I currently maintain
> 21 Debian packages for SE Linux which is more than enough work, maintaining
> a fork of all the base packages would be a huge amount of work.
Hmmm, that's almost the opposite of what they say (see
http://www.trusteddebian.org/rsbac.html):
- SE-Linux makes extensive changes to existing Linux tools, possibly leading
to a horrible versioning mess and delays in security updates
- RSBAC does not need any changes to existing tools, although it could benefit
from such changes.
Still I don't agree with most of their statements ... RSBAC may be a great
project, and I hope that it works out, but I am more inclined to trust code
that was developed at the NSA and audited by many developers than a project I
have only just heard about, a project which may have only a single developer
(or at least a pretty quiet mailing list).
> Also there seems to be no information on who makes this "Trusted Debian".
> The mailing list archives are broken links and there is no public
> information on who is behind the project.
The list archive worked for me ... http://www.rsbac.org/pipermail/rsbac/
Thanks for the feedback and SE-Linux link. I have already read the HOWTO and
compiled a Debian kernel for myself, before proceeding I will read the FAQ on
NSA's site.
--
Fraser Campbell <fraser@wehave.net> http://wehave.net/
Brampton, Ontario, Canada Debian GNU/Linux
Reply to: