Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Crispin Cowan
Peter Dolding wrote: > Let's end the bitrot. Start having bits go into the main OS security > features where they should be. > Linus categorically rejected this idea, several times, very clearly. He did so because the security community cannot agree on a one-true-standard for what that OS secur

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread david
On Wed, 31 Oct 2007, Peter Dolding wrote: On 10/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On Wed, 31 Oct 2007, Peter Dolding wrote: MultiAdmin loaded before SELinux breaks SELinux since MultiAdmin rules are applied over using SELinux rules. This is just the way it is; stacking LSM'

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Casey Schaufler
--- Peter Dolding <[EMAIL PROTECTED]> wrote: > Let's end the bitrot. Start having bits go into the main OS security > features where they should be. Gawd. Sorry, but we lost that argument in 1986 and the situation hasn't changed a bit since. Most people just don't want what we're selling. Do yo

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Peter Dolding
On 10/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Wed, 31 Oct 2007, Peter Dolding wrote: > > > MultiAdmin loaded before SELinux breaks SELinux since MultiAdmin rules are > > applied over using SELinux rules. This is just the way it is; stacking LSMs > > is just not healthy, you always

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread david
On Wed, 31 Oct 2007, Peter Dolding wrote: MultiAdmin loaded before SELinux breaks SELinux since MultiAdmin rules are applied over using SELinux rules. This is just the way it is; stacking LSMs is just not healthy, you always risk one LSM breaking another. Part of the reason why I have suggest

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Peter Dolding
Jan Engelhardt wrote: I disagree. Traditionally, Linux has given a process all capabilities when the UID changed to 0 (either by setuid(2) or executing a SUID binary). This has been relieved over the years, and right now with LSMs in the field, it is possible to 'deactivate' this special case fo

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Jan Engelhardt
On Oct 30 2007 12:14, Casey Schaufler wrote: > >while others including SELinux will go their own ways. So long >as LSMs are self contained and strictly restrictive the >mechanisms they use to modulate their behavior shouldn't be an >issue. If SELinux chooses to turn its MLS controls off between >m

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Casey Schaufler
--- Jan Engelhardt <[EMAIL PROTECTED]> wrote: > > (please do not drop Cc, or I would have lost this thread part if I had > not been on lkml. And sometimes I am not because of the volume. Thanks.) > > On Oct 30 2007 15:13, Peter Dolding wrote: > >On 10/30/07, Crispin Cowan <[EMAIL PROTECTED]> w

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Jan Engelhardt
(please do not drop Cc, or I would have lost this thread part if I had not been on lkml. And sometimes I am not because of the volume. Thanks.) On Oct 30 2007 15:13, Peter Dolding wrote: >On 10/30/07, Crispin Cowan <[EMAIL PROTECTED]> wrote: > >> * I have no clue what family to put MultiADM

Re: eradicating out of tree modules

2007-10-30 Thread Greg KH
On Tue, Oct 30, 2007 at 09:11:11AM -0400, linux-os (Dick Johnson) wrote: > I'm sure that the majority of Linux users would never acquire > the 4-board assembly that we use to acquire X-Ray data and > generate real-time images for the baggage scanners in use > at the world's major airports. That ass

Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel

2007-10-30 Thread Casey Schaufler
--- "Kazuki Omo(Company)" <[EMAIL PROTECTED]> wrote: > Dear, Folks, > > Now we are planning to submit LIDS to mainline. > (As you know, it already written for supporing LSM for several years.) > > When we will finish to re-write documentation and some FAQ, then > we will be able to submit the p

Re: Defense in depth: LSM *modules*, not a static interface

2007-10-30 Thread Casey Schaufler
--- Crispin Cowan <[EMAIL PROTECTED]> wrote: > Al Viro wrote: > > On Tue, Oct 30, 2007 at 03:14:33PM +0800, Cliffe wrote: > > > >> Defense in depth has long been recognised as an important secure design > >> principle. Security is best achieved using a layered approach. > >> > > "Layere

Re: eradicating out of tree modules

2007-10-30 Thread linux-os (Dick Johnson)
On Mon, 29 Oct 2007, Tilman Schmidt wrote: > Am 28.10.2007 20:25 schrieb Adrian Bunk: >> On Sun, Oct 28, 2007 at 07:51:12PM +0100, Tilman Schmidt wrote: >>> Am 28.10.2007 02:55 schrieb Adrian Bunk: Justifying anything with code with non-GPL-compatible licences has zero relevance here. >

Re: eradicating out of tree modules

2007-10-30 Thread Xavier Bestel
On Tue, 2007-10-30 at 09:11 -0400, linux-os (Dick Johnson) wrote: > I'm sure that the majority of Linux users would never acquire > the 4-board assembly that we use to acquire X-Ray data and > generate real-time images for the baggage scanners in use > at the world's major airports. That assembly,

Re: Defense in depth: LSM *modules*, not a static interface

2007-10-30 Thread Simon Arlott
On Tue, October 30, 2007 07:14, Cliffe wrote: > And while I acknowledge that many of these layers are currently buried > within the kernel (netfilter...) they are security layers which in many > cases would probably make sense as stackable security modules. > > Making the interface static forces ma

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Bernd Petrovitsch
On Thu, 2007-10-25 at 09:04 -0700, Ray Lee wrote: > On 10/25/07, Bernd Petrovitsch <[EMAIL PROTECTED]> wrote: > > On Mit, 2007-10-24 at 17:35 -0700, Ray Lee wrote: > > [] > > > Key-based masterlocks are easily broken with freon, and their combo > > > locks are easily brute-forced in about ten m

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Jan Engelhardt
On Oct 30 2007 01:50, Crispin Cowan wrote: >Jan Engelhardt wrote: >> Apparmor tutorial (beats any FAQ at first): >> ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-apparmor.avi >> >Thanks for the high praise. Unfortunately that FTP site seems to not be >working. Some alternatives: [...]

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Toshiharu Harada
On 10/30/2007 5:40 PM, Jan Engelhardt wrote: On Oct 30 2007 12:23, Toshiharu Harada wrote: Instead of pushing TOMOYO Linux, I started developing a comparison chart of security-enhanced Linux implementations. The current version can be found in http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Crispin Cowan
Jan Engelhardt wrote: > Apparmor tutorial (beats any FAQ at first): > ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-apparmor.avi > Thanks for the high praise. Unfortunately that FTP site seems to not be working. Some alternatives: * My personal copy of the above video http://

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

2007-10-30 Thread Jan Engelhardt
On Oct 30 2007 12:23, Toshiharu Harada wrote: > > Instead of pushing TOMOYO Linux, I started developing a > comparison chart of security-enhanced Linux implementations. > The current version can be found in > > http://tomoyo.sourceforge.jp/wiki-e/?WhatIs#comparison Smack Security Model: autolabel, a