Re: Wanting To Try FreeBSD: Security Question.
- From: "Matthew X. Economou" <xenophon+usenet@xxxxxxxxxx>
- Date: 04 Apr 2006 11:03:13 -0400

"Giorgos" == Giorgos Keramidas <keramida@xxxxxxxxxxxxxxx> writes:

Giorgos> Are you sure you need MAC, in the first place? Are you
Giorgos> prepared to spend the time it takes to configure it
Giorgos> properly? To what end?

In my opinion, POSIX capabilities provide a much better mechanism to
accomplish the kinds of system access restrictions normally
implemented by Unix chroot environments or BSD jails. Capabilities
eliminate the need to maintain copies of your working binaries and
libraries, or to duplicate portions of the file system structure
(e.g. /dev). You should take a look at SELinux on Fedora Core. The
distribution maintainers did a good job of implementing sensible
access restrictions using capabilities. Take a look at the following
web sites for more information:

http://fedora.redhat.com/docs/selinux-faq-fc5/
http://fedoraproject.org/wiki/SELinux

I wish FreeBSD supported these features. From the TrustedBSD project,
it looks like Robert Watson is tracking 7-CURRENT, so POSIX.1e
features are under active development.

Best wishes,
Matthew

--
jsoffron: I'm generally pretty high on national defense...
Mr. Bad Example: Careful...it's a gateway policy. Before you know it,
you'll be mainlining the hard stuff like trade agreements.
jsoffron: Too late...I've been freebasing Nafta all day... Sweet,
sweet NAFTA.
- As seen on Slashdot