Dailydave mailing list archives

Re: Media Excitement!


From: robert () dyadsecurity com
Date: Mon, 9 May 2005 19:49:22 -0700

pageexec () freemail hu(pageexec () freemail hu)@Tue, May 10, 2005 at 01:28:17AM +0100:
first, you're assuming the second meaning of 'policy', that is, it's
something that describes a 'grand scheme' and then of course you want
to know to what extent it succeeded.

We are not communicating very well because we're not even using the same
definitions for our terms.

third, if selinux is actually the super system people make it out to
be, then its capabilities must be a superset of that of grsecurity,
hence one can just write a tool to convert grsecurity policies to
selinux and use the selinux tools on them - problem solved, albeit
probably not the way you expected it ;-).

I've had thoughts from winhat (/msg winhat on efnet irc) that made more
sense.

you don't need to run the tools to create a policy. If i want to see all
the indirect domain interactions (by that i mean if this program can
spawn this program that can do this and eventually read this file)
creating paths from one domain to a target context i can do so.
If i cannot easily make assertions with grsec + SSP then my point stands,
regardless of how silly it sounds.

how's 'grep' sound for 'easily'? you grep your per-subject policy
files and get the answer in no time, can hardly be simpler, can it.
and now you're saying that selinux needs a special tool for just
that and wondering why it sounds silly...

You didn't understand what he was saying. That's ok.  Hold off on saying
more until we have a chance to chat in person some time.  This email
thread is not helping anyone.

the solution is to stop trying to shove down people's throats a
complex system they don't need when less complex systems can do just
as good (if not better) a job. complexity is the enemy of security.

GRSec and SE Linux folks understand the problems differently and are
solving different problems.  Systems are already complex.  Projects like
SE Linux are working towards providing a way to manage that complexity. 
GRSec is making boxes more challenging to compromise.

Ignorance and Apathy are the enemies of progress.

<Rodney King>
Can't we all just get along?!??!?!
</Rodney King>

But seriously... this thread is pointless.

Please stop.

Robert

-- 
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033