Dailydave mailing list archives

Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work?


From: "Chris Rohlf" <chris.rohlf () gmail com>
Date: Thu, 1 Mar 2007 21:51:54 -0500

On 3/1/07, Steve Grubb <sgrubb () redhat com> wrote:
> On Thursday 01 March 2007 07:40, Rodrigo Rubira Branco (BSDaemon) wrote:
> > Capabilities like selinux exist in linux a long time and offer a little
> > impact in the overall system performance (but that impact exists)...
>
> True, there is a little impact and it varies based on actual workload.

The biggest impact IMHO is the administrative overhead most of these
implementations create. It's almost not worth it in the end. And this
experience comes from my own systems, not real production stuff. Then
again the last time I tried SELinux was on Debian about 2 years ago so
things could have improved.

> > Linux solutions can be bypassed as well.
>
> Any kernel exploit that allows writing to arbitrary kernel memory can
> potentially defeat any kernel protection mechanism.


This sort of goes without saying. But what other known 'bypasses' are
there for grsec or SELinux that don't require a kernel vulnerability?
I'm asking honestly, it's been a while since I've looked into this stuff.


Chris


-- 

http://em386.blogspot.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

