On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:

quoted text
> Linux has SELinux in its 2.6 kernel and debian has gone ahead and

> compiled SELinux into the libraries, although the SELinux policies

> aren't ready on debian yet.  The whole focus seems to be to make Linux

> "more secure".  I'm not sure what to make of it.  I figure that if you

> want secure, you switch to OBSD.

>

> Could someone who knows both the details of OBSDs security enhancements

> and the details of SELinux comment?

I don't know all the details, and especially not the SELinux details,

but that won't stop me from commenting.
Not long ago I was talking with a Linux person about security, and they

pointed me to a set of patches that did a lot of nifty stuff. Good

stuff, like the things you find OpenBSD doing. But it's not in the

mainline kernel, it's a set of patches.
Security should not be grafted on, it should be integrated into the

main development process. I'm sure the patch maintainers are doing their

best, but this doesn't change the fundamental flaw in the process. It's

not a flaw of their making, it's inherent in the situation. But it's

still a flaw.
Compare that to a complete operating system (OpenBSD) where security is part of

code quality, and part of the normal mainline development.
--

Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG

dwchandler@stilyagin.com   |  http://phxbug.org/      |  http://metabug.org/

http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation