Dailydave mailing list archives
Re: Media Excitement!
From: robert () dyadsecurity com
Date: Mon, 9 May 2005 19:49:22 -0700
pageexec () freemail hu(pageexec () freemail hu)@Tue, May 10, 2005 at 01:28:17AM +0100:
first, you're assuming the second meaning of 'policy', that is, it's something that describes a 'grand scheme' and then of course you want to know to what extent it succeeded.
We are not communicating very well because we're not even using the same definitions for our terms.
third, if selinux is actually the super system people make it out to be, then its capabilities must be a superset of that of grsecurity, hence one can just write a tool to convert grsecurity policies to selinux and use the selinux tools on them - problem solved, albeit probably not the way you expected it ;-).
I've had thoughts from winhat (/msg winhat on efnet irc) that made more sense.
you don't need to run the tools to create a policy. If i want to see all the indirect domain interactions (by that i mean if this program can spawn this program that can do this and eventually read this file) creating paths from one domain to a target context i can do so. If i cannot easily make assertions with grsec + SSP then my point stands, regardless of how silly it sounds.
how's 'grep' sound for 'easily'? you grep your per-subject policy files and get the answer in no time, can hardly be simpler, can it. and now you're saying that selinux needs a special tool for just that and wondering why it sounds silly...
You didn't understand what he was saying. That's ok. Hold off on saying more until we have a chance to chat in person some time. This email thread is not helping anyone.
the solution is to stop trying to shove down people's throats a complex system they don't need when less complex systems can do just as good (if not better) a job. complexity is the enemy of security.
GRSec and SE Linux folks understand the problems differently and are solving different problems. Systems are already complex. Projects like SE Linux are working towards providing a way to manage that complexity. GRSec is making boxes more challenging to compromise. Ignorance and Apathy are the enemies of progress.
<Rodney King> Can't we all just get along?!??!?! </Rodney King>
But seriously... this thread is pointless. Please stop.
Robert
--
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033