1 |
On Mon, 2004-08-23 at 11:33, Calum wrote: |
2 |
> On Monday 23 August 2004 16:27, you wrote: |
3 |
> > > Are there any plans to bring all this into the 2.6 kernels, or is the |
4 |
> > > move towards SELinux? |
5 |
> > |
6 |
> > Try hardened-dev-sources - they contain GRSecurity and PaX, and are |
7 |
> > well-maintained. |
8 |
> |
9 |
> Thanks for that - not sure why I didn't notice that. |
10 |
> |
11 |
|
12 |
> But as a general feeling, do people feel that SELinux will become the |
13 |
> hardening method of choice? |
14 |
|
15 |
Absolutely NOT. |
16 |
|
17 |
people are often confused about this topic. |
18 |
|
19 |
Problem is selinux is gaining alot of publicity right now and people |
20 |
think it's a replacement for grsec which it is not. We see this on the |
21 |
gentoo-hardened mailing lists all the time. People tend to think. |
22 |
"Hey whats this selinux thing I see people talking about it." |
23 |
"It must be good, the NSA has something to do with it" |
24 |
|
25 |
In reality it seems to be harder than heck to maintain and people |
26 |
usually need help (why there is so much buzz), and only a limited number |
27 |
of people seem to be able to write policy for it. |
28 |
|
29 |
> I.e. If I have to make a choice and commit now, |
30 |
> shall I stick with GRSec, or start looking at SE? |
31 |
|
32 |
There is no feature that I'm aware of that selinux offers that grsec |
33 |
does not handle. But it's always comes down to a matter of choice |
34 |
(flavors if you will). |
35 |
What works the best for you and your systems. (apples or oranges) |
36 |
|
37 |
good luck. |
38 |
|
39 |
|
40 |
> |
41 |
> C |
42 |
-- |
43 |
Ned Ludd <solar@g.o> |
44 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |