Subject: Re: SE Linux vs SE NetBSD !!
To: Elad Efrat <elad@NetBSD.org>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 08/25/2006 17:57:15

On Sat, 26 Aug 2006 00:18:57 +0200, Elad Efrat <elad@NetBSD.org> wrote:
> That is perhaps the most important bit of this discussion: is it *worth*
> integrating a SELinux-like framework in NetBSD?

The hard part is figuring out what the right policies (or classes of
policies) are, in the abstract. NSA likes MLS, but that's partly a
historical hangover from 20 years ago. (Even if you do like MLS, there's
still the assurance problem -- SELinux hasn't really addressed it.)

I'd refer you to my latest Inside RISKS column (on why VMs won't save us),
but it's not out yet.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb