Re: OBSD's perspective on SELinux

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: OpenBSD general usage list <misc@...>

Subject: Re: OBSD's perspective on SELinux

Date: Saturday, September 22, 2007 - 12:20 pm

On Sep 22, 2007, at 12:00 PM, Darrin Chandler wrote:
> On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:

quoted text>> Linux has SELinux in its 2.6 kernel and debian has gone ahead and

>> compiled SELinux into the libraries, although the SELinux policies

>> aren't ready on debian yet.  The whole focus seems to be to make

>> Linux

>> "more secure".  I'm not sure what to make of it.  I figure that if

>> you

>> want secure, you switch to OBSD.

>>

>> Could someone who knows both the details of OBSDs security

>> enhancements

>> and the details of SELinux comment?

>

> I don't know all the details, and especially not the SELinux details,

> but that won't stop me from commenting.

>

> Not long ago I was talking with a Linux person about security, and

> they

> pointed me to a set of patches that did a lot of nifty stuff. Good

> stuff, like the things you find OpenBSD doing. But it's not in the

> mainline kernel, it's a set of patches.

>

> Security should not be grafted on, it should be integrated into the

> main development process. I'm sure the patch maintainers are doing

> their

> best, but this doesn't change the fundamental flaw in the process.

> It's

> not a flaw of their making, it's inherent in the situation. But it's

> still a flaw.

>

> Compare that to a complete operating system (OpenBSD) where

> security is part of

> code quality, and part of the normal mainline development.
If I could add one thing to Darrin's comment (of which I agree

completely), it would be this:
SELinux is a button.  Buttons are easy to turn off.
---

Jason Dixon

DixonGroup Consulting

http://www.dixongroup.net

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 11:34 am)

Re: OBSD's perspective on SELinux, Damien Miller, (Mon Sep 24, 11:09 pm)

Re: OBSD's perspective on SELinux, Chris Kuethe, (Mon Sep 24, 10:52 am)

Re: OBSD's perspective on SELinux, Marco Peereboom, (Sat Sep 22, 11:27 pm)

Re: OBSD's perspective on SELinux, L. V. Lammert, (Sat Sep 22, 7:47 pm)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Sun Sep 23, 5:54 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 1:29 pm)

Re: OBSD's perspective on SELinux, Jacob Yocom-Piatt, (Mon Sep 24, 2:17 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 3:14 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Mon Sep 24, 11:31 am)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Mon Sep 24, 11:59 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 6:06 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 8:34 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Joachim Schipper, (Sun Sep 23, 6:35 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 11:18 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Lars Hansson, (Tue Sep 25, 1:57 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Darren Spruell, (Tue Sep 25, 2:32 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Gilles Chehade, (Mon Sep 24, 5:40 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 12:02 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Antti Harri, (Mon Sep 24, 1:32 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Rui Miguel Silva Seabra, (Sun Sep 23, 6:38 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Sat Sep 22, 2:50 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 4:21 pm)

Re: OBSD's perspective on SELinux, , (Sat Sep 22, 7:20 pm)

Re: OBSD's perspective on SELinux, Stuart Henderson, (Sat Sep 22, 4:00 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 12:29 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 12:45 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 4:39 pm)

Re: OBSD's perspective on SELinux, Darrin Chandler, (Sat Sep 22, 12:00 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 12:52 pm)

Re: OBSD's perspective on SELinux, Jason Dixon, (Sat Sep 22, 12:20 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 1:21 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 1:38 pm)

Re: OBSD's perspective on SELinux, David Gwynne, (Mon Sep 24, 10:08 am)

Re: OBSD's perspective on SELinux, Jason Dixon, (Mon Sep 24, 10:25 am)

Re: OBSD's perspective on SELinux, , (Mon Sep 24, 2:28 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Sun Sep 23, 3:25 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 2:00 pm)

Re: OBSD's perspective on SELinux, Jeffrey 'jf' Lim, (Sat Sep 22, 12:26 pm)


linux-kernel:
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)

Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Rafael J. Wysocki	Re: Linux 2.6.27-rc5: System boot regression caused by commit a2bd7274b47124d2fc4d...
git:

linux-netdev:

Gerrit Renker	[PATCH 0/37] dccp: Feature negotiation - last call for comments
David Miller	[GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Re: OBSD's perspective on SELinux

Online users