On Mon, Aug 30, 2004 at 05:13:33PM -0600, Andrew Jorgensen wrote: > On Mon, 30 Aug 2004 16:37:32 -0500, Michael Halcrow <[EMAIL PROTECTED]> wrote: > > I've said it before and I'll say it again: the security options > > available for GNU/Linux puts it heads and shoulders above any other > > enterprise-class operating system. If you want to take advantage of > > those options, select a distro that actually uses them. > > Herein lies the problem, what usable distro is still usable with > these features turned on? Last time I tried turning them on in my > favorite distro (Fedora) everything broke. - Andrew
Yes, the very first time Fedora tried to deploy SE Linux, they hit
several snags, which was to be expected with a distro as large as
Fedora, but you have to start from somewhere. They've made a lot of
progress on a difficult problem (writing a set of MAC policies that do
not conflict across hundreds of packages), but all the groundwork has
been laid, and they're getting close to a workable solution now.
Until Fedora 3 gets up to speed, consider using other MAC mechanisms
like BSD Secure Levels. This still provides a strong level of
protection against userspace application compromise.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
Someday we'll look back on all this and plow into a parked car.
pgpkVwvoXEBTm.pgp
Description: PGP signature
____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
