Linked by Thom Holwerda on Wed 26th Sep 2007 19:23 UTC
KernelTrap offers a summary of a lengthy debate on OpenBSD's -misc mailing list comparing the security features built into OpenBSD versus the security offered by the Linux kernel's SELinux feature. The main arguments presented against SELinux centered around its complexity and the difficulty of defining a secure policy. "The first thing people usually do with SELinux is turn it off", suggests the article, noting that the ease with which it can be turned off is another security shortcoming. By contrast, OpenBSD offers numerous security features that are always enabled with minimal overhead, including propolice stack protection, random library mappings, proactive privilege separation, W^X, and systrace.
Thread beginning with comment 274665
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:
2006-08-01
> and is MUCH MUCH MUCH more easy to use.
I really don't care.
I use Fedora, SeLinux is enabled and I don't touch SeLinux policy. My OS should be secure, I don't have to make it secure.
If i manually install a program and it trigger SeLinux policy, then I remove this program because this program should have security flaw. Period.
This only appened one time. Many many many programs work out of the box with SeLinux enabled. Some not but they are a very few number.