Lists Home |
Date Index |
SELinux is neat, but it's not a requirement, and doesn't invalidate
the fact that the basic Unix security model is good. If you consider
doing the equivalent of adding SELinux to NT-based Windows, then you
end up on a machine without a local Administrator. I bet that machine
wouldn't run. :) So ref  is either a point for Unix, or a wash.
As for ref , same argument. The basic model is solid. It is quite
reasonable to allocate system resources and then renounce privileges;
I'll point to my own Usenet/NNTP (INN) system as one good example.
>  http://www.nsa.gov/selinux/faq.html#I2
>  http://books.rsbac.org/unstable/x115.html
Still waiting for the punchline...
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html