[dundee] Opinionated much?
Sean McRobbie
lug at seany.us
Tue Apr 21 15:28:20 UTC 2009
How about http://www.grsecurity.net/ ?
Regards,
Sean McRobbie
----- Original Message -----
From: "gordon dunlop" <astrozubenel at googlemail.com>
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Sent: Tuesday, 21 April, 2009 16:14:29 GMT +00:00 GMT Britain, Ireland, Portugal
Subject: Re: [dundee] Opinionated much?
2009/4/21 Jennifer higgins < sauntering.with.scissors at gmail.com >
Just finished a report on kernel level firewalls in operating systems and realised that it’s a great big rant about user freedom!
Oops..
Just thought i’d share that with some like minded people. I found it quite amusing.
Not amusing that I’m probably going to have to re-write the damn thing though. Sigh!
I think it's a very topical subject, security versus user freedom. Linus Torvalds had this to say about security and bug fixing (to reduce insecurities):
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html
Whilst I am not looking at kernel level firewalls, I have been looking at SELinux the past week which has kernel and user access controls. I have had it disabled for years in my Fedora systems because it was such a pain in the ass, but I am now looking at in Centos 5.3 for the new TayLUG website which I'm working on at the moment.
A thread about SELinux & OpenBSD security:
http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security
The anatomy of SELinux:
http://www.ibm.com/developerworks/linux/library/l-selinux/?ca=dgr-lnxw02aSELinuxAnat&S_TACT=105AGX59&S_CMP=GR
I am still finding it a pain in the butt trying to write policy rules and for giving different permissions to the various cgi scripts. I realised that with all the things I hope to implement on the web site it will just not work. On Dan Walsh's blog he says it is now easier to use SELinux as it has newer capabilities, come off it Dan who are you kidding!!
http://danwalsh.livejournal.com/24537.html
So I am not going to bother using it, no wonder people have it either turned off or in permissive mode. It is like trying to type on a keyboard with a straitjacket on.
Gordon
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
More information about the dundee
mailing list