Subject: Re: SE Linux vs SE NetBSD !!
To: Elad Efrat <elad@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 08/25/2006 17:57:15

On Sat, 26 Aug 2006 00:18:57 +0200, Elad Efrat <elad@NetBSD.org> wrote:
> 
> That is perhaps the most important bit of this discussion: is it *worth*
> integrating a SELinux-like framework in NetBSD?

No.

The hard part is figuring out what the right policies (or classes of
policies) are, in the abstract.  NSA likes MLS, but that's partly a
historical hangover from 20 years ago.  (Even if you do like MLS, there's
still the assurance problem -- SELinux hasn't really addressed it.)

I'd refer you to my latest Inside RISKS column (on why VMs won't save us),
but it's not out yet.


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb