[dundee] Opinionated much?
Lee Hughes
toxicnaan at yahoo.co.uk
Wed Apr 22 15:30:20 UTC 2009
it's not the apparmour or selinux are not the answer, it's just the question
that they are answering is wrong.
Securing Cgi scripts? hmm..... good luck ;-)
--- On Tue, 21/4/09, gordon dunlop <astrozubenel at googlemail.com> wrote:
From: gordon dunlop <astrozubenel at googlemail.com>
Subject: Re: [dundee] Opinionated much?
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Date: Tuesday, 21 April, 2009, 4:14 PM
2009/4/21 Jennifer higgins <sauntering.with.scissors at gmail.com>
Just finished a report on kernel level firewalls in operating
systems and realised that it’s a great big rant about user freedom!
Oops..
Just thought i’d share that with some like minded people. I
found it quite amusing.
Not amusing that I’m probably going to have to re-write
the damn thing though. Sigh!
I think it's a very topical subject, security versus user freedom. Linus Torvalds had this to say about security and bug fixing (to reduce insecurities):
http://www.networkworld.com/news/2008/081408-torvalds-security-circus.html
Whilst I am not looking at kernel level firewalls, I have been looking at SELinux the past week which has kernel and user access controls. I have had it disabled for years in my Fedora systems because it was such a pain in the ass, but I am now looking at in Centos 5.3 for the new TayLUG website which I'm working on at the moment.
A thread about SELinux & OpenBSD security:
http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security
The anatomy of SELinux:
http://www.ibm.com/developerworks/linux/library/l-selinux/?ca=dgr-lnxw02aSELinuxAnat&S_TACT=105AGX59&S_CMP=GR
I am still finding it a pain in the butt trying to write policy rules and for giving different permissions to the various cgi scripts. I realised that with all the things I hope to implement on the web site it will just not work. On Dan Walsh's blog he says it is now easier to use SELinux as it has newer capabilities, come off it Dan who are you kidding!!
http://danwalsh.livejournal.com/24537.html
So I am not going to bother using it, no wonder people have it either turned off or in permissive mode. It is like trying to type on a keyboard with a straitjacket on.
Gordon
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/dundee/attachments/20090422/6954dc5d/attachment.htm
More information about the dundee
mailing list