Subject: Re: SE Linux vs SE NetBSD !!
To: Travis H. <email@example.com>
From: Andrew Reilly <firstname.lastname@example.org>
Date: 08/29/2006 16:06:42

On Fri, Aug 25, 2006 at 03:56:00PM -0500, Travis H. wrote:
> That's okay, if there's a sufficient number of people to write those
> policies. Similarly, 99% of the Unix user population can't write
> solid kernel code, for example a device driver. That's okay because
> we can copy bits for zero marginal cost from the people who can for
> the people who can't.

This is getting to the heart of the bit that I don't understand
about this whole area (SE-Foo, etc). Please pardon the intrusion
of a know-nothing...

How can someone else write my security policy for me? How can
there be just one such, and application-based? Isn't the point
of policy that it's up to me? If it's just a documentation of
the capabilities of the application, then what does it offer over
and above the application itself?

What sort of applications are we talking about? Presumably
not /bin/sh or /usr/pkg/bin/perl: those have rather a lot of