Secure Coding mailing list archives
Re: Re: Application Sandboxing, communication limiting, etc.
From: "Jared W. Robinson" <jwr () xmission com>
Date: Tue, 16 Mar 2004 20:33:48 +0000
On Fri, Mar 12, 2004 at 04:03:34PM -0800, Crispin Cowan wrote:
Jose Nazario wrote:SELinux. LIDS. systrace (Linux, BSD, MacOS X). a few things on FreeBSD i can't recall.SubDomain predates all of these except for SELinux (which has roots that go back nearly 20 years) and LIDS got design elements from SubDomain.
How does SubDomain compare to SELinux, systrace, etc? What are the strengths and weaknesses of each? Does any distribution besides Immunix use SubDomain? What percentage of applications have SubDomain policies written for them? I imagine it's a lot of work to write these policies. I also wonder if a SubDomain policy could be translated into an SELinux rule set automatically. Thanks, - Jared
Current thread:
- Re: Opinion re an interesting article on Linux security in Linux Journal, (continued)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 13)
- Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 14)
- Re: Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 16)
- Re: Re: Application Sandboxing, communication limiting, etc. Crispin Cowan (Mar 16)
- Re: Comparison of SubDomain, SELinux and systrace Jared W. Robinson (Mar 16)