[dundee] Opinionated much?

Lee Hughes toxicnaan at yahoo.co.uk
Wed Apr 22 15:30:20 UTC 2009


It's not that AppArmor or SELinux are not the answer, it's just the question
that they are answering is wrong.

Securing CGI scripts? Hmm... good luck ;-)

--- On Tue, 21/4/09, gordon dunlop <astrozubenel at googlemail.com> wrote:
From: gordon dunlop <astrozubenel at googlemail.com>
Subject: Re: [dundee] Opinionated much?
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Date: Tuesday, 21 April, 2009, 4:14 PM



2009/4/21 Jennifer higgins <sauntering.with.scissors at gmail.com>

Just finished a report on kernel level firewalls in operating
systems and realised that it’s a great big rant about user freedom! 
Oops.. 

Just thought I’d share that with some like-minded people. I
found it quite amusing.
Not amusing that I’m probably going to have to re-write
the damn thing though. Sigh!

I think it's a very topical subject, security versus user freedom. Linus Torvalds had this to say about security and bug fixing (to reduce insecurities):


http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html

Whilst I am not looking at kernel level firewalls, I have been looking at SELinux the past week which has kernel and user access controls. I have had it disabled for years in my Fedora systems because it was such a pain in the ass, but I am now looking at it in CentOS 5.3 for the new TayLUG website which I'm working on at the moment.


A thread about SELinux & OpenBSD security:

http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security

The anatomy of SELinux:


http://www.ibm.com/developerworks/linux/library/l-selinux/?ca=dgr-lnxw02aSELinuxAnat&S_TACT=105AGX59&S_CMP=GR


I am still finding it a pain in the butt trying to write policy rules and giving different permissions to the various CGI scripts. I realised that with all the things I hope to implement on the web site it will just not work. On Dan Walsh's blog he says it is now easier to use SELinux as it has newer capabilities, come off it Dan, who are you kidding!!


http://danwalsh.livejournal.com/24537.html 

So I am not going to bother using it, no wonder people have it either turned off or in permissive mode. It is like trying to type on a keyboard with a straitjacket on.


Gordon

 



_______________________________________________

dundee GNU/Linux Users Group mailing list

dundee at lists.lug.org.uk  http://dundee.lug.org.uk

https://mailman.lug.org.uk/mailman/listinfo/dundee

Chat on IRC, #tlug on dundee.lug.org.uk

