Linked by Thom Holwerda on Wed 26th Sep 2007 19:23 UTC
KernelTrap offers a summary of a lengthy debate on OpenBSD's -misc mailing list comparing the security features built into OpenBSD versus the security offered by the Linux kernel's SELinux feature. The main arguments presented against SELinux centered around its complexity and the difficulty of defining a secure policy. "The first thing people usually do with SELinux is turn it off", suggests the article, noting that the ease with which it can be turned off is another security shortcoming. By contrast, OpenBSD offers numerous security features that are always enabled with minimal overhead, including propolice stack protection, random library mappings, proactive privilege separation, W^X, and systrace.
Thread beginning with comment 274649
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-08
selinux is complex because it's f*cking amazing. It's one of those "unixy" toys - a very powerful mechanism, but it's hard to get the "policies" right...