Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE : Re: [tlug] Small footprint Linux distribution without a GUI



Jedidiah Israel writes:
 > On 5/10/07, Stephen J. Turnbull <stephen@example.com> wrote:
 > >
 > > Maybe I should have put it differently: are you sure you aren't
 > > reinventing a 15-year-old wheel from Bell Labs (called "Plan 9")?
 > 
 > I hope not, but it is possible. It seems that SELinux is considered
 > the best of breed. Is this because there are no competing
 > alternatives? Or is SELinux the best conclusion?

Security is hard, and the people who do SELinux are the best in the
business.  SELinux is not a single system, nor finished, either.

But you should remember that SELinux per se is not secure.  A system
is secure not by virtue of whether a there's a particular sticker on
the nameplate, but by virtue of being secured by somebody who cares
about keeping the vermin out.

Your job, as a secure system designer, is to keep your documented
promises about what operations let the outside come in, the inside
out, and through what doors.  And then to make it easy to enforce any
selected policy.  SELinux does a pretty good job of that; it's going
to be hard to beat across the broad range of applications it can be
adapted to.



Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links