Re: OBSD's perspective on SELinux

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Subject: Re: OBSD's perspective on SELinux

Date: Monday, September 24, 2007 - 10:52 am

On 9/22/07, Douglas A. Tutty <dtutty@porchlight.ca> wrote:
quoted text> Could someone who knows both the details of OBSDs security enhancements
> and the details of SELinux comment?

A capsule summary of the situation is:

OpenBSD aims to improve security by taking advantage of easy-to-use,
hard-to-disable, low-overhead technologies.

yes, you can disable propolice if you need to, but you have to know how.
yes, you can disable random library mappings, but you have to know how.
yes, you can disable W^X, but you have to try.

you could turn off the security features, but why would you, since
they don't get in your way, and they don't slow you down all that
much. i've not seen SELinux installations (or similar technologies)
that are easy to use correctly...

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 11:34 am)

Re: OBSD's perspective on SELinux, Damien Miller, (Mon Sep 24, 11:09 pm)

Re: OBSD's perspective on SELinux, Chris Kuethe, (Mon Sep 24, 10:52 am)

Re: OBSD's perspective on SELinux, Marco Peereboom, (Sat Sep 22, 11:27 pm)

Re: OBSD's perspective on SELinux, L. V. Lammert, (Sat Sep 22, 7:47 pm)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Sun Sep 23, 5:54 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 1:29 pm)

Re: OBSD's perspective on SELinux, Jacob Yocom-Piatt, (Mon Sep 24, 2:17 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Mon Sep 24, 3:14 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Mon Sep 24, 11:31 am)

Re: OBSD's perspective on SELinux, Rui Miguel Silva Seabra, (Mon Sep 24, 11:59 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 6:06 am)

Re: OBSD's perspective on SELinux, Marc Espie, (Tue Sep 25, 8:34 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Joachim Schipper, (Sun Sep 23, 6:35 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 11:18 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Lars Hansson, (Tue Sep 25, 1:57 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Darren Spruell, (Tue Sep 25, 2:32 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Gilles Chehade, (Mon Sep 24, 5:40 am)

Re: digitally signed distribution (was: OBSD's perspective o..., Martin Schröder, (Mon Sep 24, 12:02 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Antti Harri, (Mon Sep 24, 1:32 pm)

Re: digitally signed distribution (was: OBSD's perspective o..., Rui Miguel Silva Seabra, (Sun Sep 23, 6:38 pm)

Re: OBSD's perspective on SELinux, Ted Unangst, (Sat Sep 22, 2:50 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 4:21 pm)

Re: OBSD's perspective on SELinux, , (Sat Sep 22, 7:20 pm)

Re: OBSD's perspective on SELinux, Stuart Henderson, (Sat Sep 22, 4:00 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 12:29 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 12:45 pm)

Re: OBSD's perspective on SELinux, Joachim Schipper, (Sat Sep 22, 4:39 pm)

Re: OBSD's perspective on SELinux, Darrin Chandler, (Sat Sep 22, 12:00 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 12:52 pm)

Re: OBSD's perspective on SELinux, Jason Dixon, (Sat Sep 22, 12:20 pm)

Re: OBSD's perspective on SELinux, Douglas A. Tutty, (Sat Sep 22, 1:21 pm)

Re: OBSD's perspective on SELinux, Ihar Hrachyshka, (Sat Sep 22, 1:38 pm)

Re: OBSD's perspective on SELinux, David Gwynne, (Mon Sep 24, 10:08 am)

Re: OBSD's perspective on SELinux, Jason Dixon, (Mon Sep 24, 10:25 am)

Re: OBSD's perspective on SELinux, , (Mon Sep 24, 2:28 pm)

Re: OBSD's perspective on SELinux, Brian Candler, (Sun Sep 23, 3:25 pm)

Re: OBSD's perspective on SELinux, Eduardo Tongson, (Sat Sep 22, 2:00 pm)

Re: OBSD's perspective on SELinux, Jeffrey 'jf' Lim, (Sat Sep 22, 12:26 pm)


linux-kernel:
Christoph Lameter	[04/14] vcompound: Core piece
Rafael J. Wysocki	2.6.24-rc4-git5: Reported regressions from 2.6.23
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Andrew Morton	Re: 2.6.21-rc2-mm1
git:
Ken Pratt	pack operation is thrashing my server
Kyle Moffett	Using GIT to store /etc (Or: How to make GIT store all file permission bits)
Nicolas Pitre	Re: Cleaning up git user-interface warts
Toby White	Using Filemerge.app as a git-diff viewer
openbsd-misc:
Richard Stallman	Real men don't attack straw men
Peter	OpenBSD as Virtualbox guest
Richard Daemon	OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?
Mark Zimmerman	alix 2c3 bios version
linux-fsdevel:
Christoph Hellwig	Re: silent semantic changes with reiser4
Al Boldi	Re: [RFD] Incremental fsck
Theodore Tso	Re: [RFC 0/13] extents and 48bit ext3
Josef Jeff Sipek	[PATCH 22 of 23] Unionfs: Unlink


trouble with my Asus Mainboard	5 hours ago	Linux kernel
windows folder creation surprise	7 hours ago	Windows
Random kernel panic with PPP in 2.6.16.26 kernel	7 hours ago	Linux kernel
sata/ide timeout errors on asus server-mb	12 hours ago	Linux kernel
Resetting the bios password for Toshiba Laptop	16 hours ago	Hardware
Testing for EXT3 filesystem corruption	1 day ago	Linux kernel
Easter Eggs in windows XP	1 day ago	Windows
The state of Linux audio	1 day ago	Linux kernel
reading and writing to configuration register of PCI device	2 days ago	Linux kernel
[HFSX] how to read HFSX partion label	2 days ago	Linux general

Re: OBSD's perspective on SELinux

Online users