[Security_sig] DCL protection assumptions
slav at vogon.net
slav at vogon.net
Thu Oct 7 15:13:16 PDT 2004
>
> Great feedback. What important features are missing in LIDS in your
> estimation?
>
It's been about 9 months (an eternity in the world of open source), but
based on what we've seen back then, here's what we liked and didn't like:
Pros:
* ability to hide files and directories
* ability to hide processes
* pretty flexible ACLs for both
Cons:
* Subject/object relationship is file-process, as opposed to file-user or
process-user. This is a major shortcoming. I would ideally like to be
able to restrict processes AND users to their sandboxes.
More information about the security_sig
mailing list