[dundee] Opinionated much?
gordon dunlop
astrozubenel at googlemail.com
Tue Apr 21 15:14:36 UTC 2009
2009/4/21 Jennifer higgins <sauntering.with.scissors at gmail.com>
> Just finished a report on kernel level firewalls in operating systems and
> realised that it’s a great big rant about user freedom!
>
> Oops..
>
> Just thought i’d share that with some like minded people. I found it quite
> amusing.
>
> Not amusing that I’m probably going to have to re-write the damn thing
> though. Sigh!
>
I think it's a very topical subject, security versus user freedom. Linus
Torvalds had this to say about security and bug fixing (to reduce
insecurities):
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html
Whilst I am not looking at kernel level firewalls, I have been looking at
SELinux the past week which has kernel and user access controls. I have had
it disabled for years in my Fedora systems because it was such a pain in the
ass, but I am now looking at in Centos 5.3 for the new TayLUG website which
I'm working on at the moment.
A thread about SELinux & OpenBSD security:
http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security
The anatomy of SELinux:
http://www.ibm.com/developerworks/linux/library/l-selinux/?ca=dgr-lnxw02aSELinuxAnat&S_TACT=105AGX59&S_CMP=GR
I am still finding it a pain in the butt trying to write policy rules and
for giving different permissions to the various cgi scripts. I realised that
with all the things I hope to implement on the web site it will just not
work. On Dan Walsh's blog he says it is now easier to use SELinux as it has
newer capabilities, come off it Dan who are you kidding!!
http://danwalsh.livejournal.com/24537.html
So I am not going to bother using it, no wonder people have it either turned
off or in permissive mode. It is like trying to type on a keyboard with a
straitjacket on.
Gordon
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at lists.lug.org.uk http://dundee.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on dundee.lug.org.uk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/dundee/attachments/20090421/d3ff05c3/attachment.htm
More information about the dundee
mailing list