Re: OBSD's perspective on SELinux

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Joachim Schipper <j.schipper@...>

To: <misc@...>

Subject: Re: OBSD's perspective on SELinux

Date: Saturday, September 22, 2007 - 12:29 pm

On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:

quoted text

> Hello all,
>
> I'm running OBSD on my older boxes but still Debian on my big box (not
> ready yet).
>
> Linux has SELinux in its 2.6 kernel and debian has gone ahead and
> compiled SELinux into the libraries, although the SELinux policies
> aren't ready on debian yet. The whole focus seems to be to make Linux
> "more secure". I'm not sure what to make of it. I figure that if you
> want secure, you switch to OBSD.
>
> Could someone who knows both the details of OBSDs security enhancements
> and the details of SELinux comment?
>
> Please note: this is _not_ a troll, flame-ware-tinder-box, whatever.
> I'm genuinly interested.

The OpenBSD developers are trying to make the most secure UNIX system
they can; SELinux might or might not be secure, but it's not UNIX.

Additionally, it's not entirely clear whether it actually helps; a
SELinux configuration is, even at its best, a lot more complex than the
equivalent UNIX-ish configuration. Thus, it becomes more likely that
there will be either configuration or coding errors.

Joachim

--
TFMotD: kadmin (8) - Kerberos administration utility

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 11:34 am)

Re: OBSD's perspective on SELinux, Damien Miller, (Mon Sep 24, 11:09 pm)

Re: OBSD's perspective on SELinux, Chris Kuethe, (Mon Sep 24, 10:52 am)

Re: OBSD's perspective on SELinux, Marco Peereboom, (Sat Sep 22, 11:27 pm)

Re: OBSD's perspective on SELinux, L. V. Lammert, (Sat Sep 22, 7:47 pm)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Sun Sep 23, 5:54 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 1:29 pm)

Re: OBSD's perspective on SELinux, Jacob Yocom-Piatt, (Mon Sep 24, 2:17 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 3:14 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Mon Sep 24, 11:31 am)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Mon Sep 24, 11:59 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 6:06 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 8:34 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Joachim Schipper, (Sun Sep 23, 6:35 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 11:18 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Lars Hansson, (Tue Sep 25, 1:57 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Darren Spruell, (Tue Sep 25, 2:32 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Gilles Chehade, (Mon Sep 24, 5:40 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 12:02 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Antti Harri, (Mon Sep 24, 1:32 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Rui Miguel Silva Seabra, (Sun Sep 23, 6:38 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Sat Sep 22, 2:50 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 4:21 pm)

Re: OBSD's perspective on SELinux, , (Sat Sep 22, 7:20 pm)

Re: OBSD's perspective on SELinux, Stuart Henderson, (Sat Sep 22, 4:00 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 12:29 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 12:45 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 4:39 pm)

Re: OBSD's perspective on SELinux, Darrin Chandler, (Sat Sep 22, 12:00 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 12:52 pm)

Re: OBSD's perspective on SELinux, Jason Dixon, (Sat Sep 22, 12:20 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 1:21 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 1:38 pm)

Re: OBSD's perspective on SELinux, David Gwynne, (Mon Sep 24, 10:08 am)

Re: OBSD's perspective on SELinux, Jason Dixon, (Mon Sep 24, 10:25 am)

Re: OBSD's perspective on SELinux, , (Mon Sep 24, 2:28 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Sun Sep 23, 3:25 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 2:00 pm)

Re: OBSD's perspective on SELinux, Jeffrey 'jf' Lim, (Sat Sep 22, 12:26 pm)


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
WANG Cong	Re: WANTED: kernel projects for CS students
Hiten Pandya	Re: up? (emacs docbook xml ide)
Rafael J. Wysocki	[Bug #10606] 2.6.26-rc1 regression: ACPI fails to load SDT. - Dell M1530
linux-activists:
David Fenyes	sigsetmask()? (LINUX)
X X	X11 GIf viewer somewhere?
root	Broken pipe when using reboot/halt, etc.
Stephen Tweedie	Unmounting root (no kidding!) [was: Some Linux problems---solved]
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	Re: iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49
David Miller	[GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().

Re: OBSD's perspective on SELinux

Online users