Re: NSA SELinux, HP-LX

Top Page
Author: Paolo Alexis Falcone
To: PenguiGnus-2003 Mailing List
Subject: Re: NSA SELinux, HP-LX
On Sat, Apr 05, 2003 at 10:38:50PM +0800, Dakila Reyes II wrote:
> Hello,
> Meron na bang naka try dito ng SE Linux?
> At yung HP LX. Wala na atang download for HP LX.
> pero medyo maganda ata yung concepts (diminish/delegate the power of
> root) ng mga ito.

While the concepts behind SE Linux is quite commendable, that kernel
patch is quite very intrusive (it breaks a lot of applications unless
you patch them also), and is yet another layer of indirection besides
the already existing root.

There sure must be other methods that are less intrusive and yet would
make administering the machine simpler (not necessarily easier). A more
complex setup can become quite difficult to audit later on.

Just my already worthless two cents.


Paolo Alexis Falcone
ManilaCon 2003 GNU/Linux Hardening Team Coordination List
PenguiGnus-2003@??? (#PLUG @
Searchable Archives: