httpd and krb5.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, 2005-05-19 at 08:02 -0400, Doug Koobs wrote:
> If you're not familar with Mandatory Access Control, read up on it;
> I think that is what SELinux is about.

MAC is exactly what SELinux is about.

Legacy UNIX permissions and security is DAC, but lacks MAC.
It's one of the few details of UNIX design that is a thorn.

Otherwise, legacy UNIX design -- over 35 years old -- has been
pretty damn good in the age of the Internet.

Multiuser by default, execute bit, reliance on file magic, not
extensions, write access only to user home directory, etc...

Yeah, NT might have MAC.  But the majority of Windows applications
would be classified as a "root exploit" because they require
escalated privileges over what UNIX programs do just to run!

Including many of Microsoft's own.


-- 
Bryan J. Smith                                 b.j.smith@xxxxxxxx 
----------------------------------------------------------------- 
Beware of those who define their preference in terms of hate of
another option, and not on the positive merits of their selection



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux