[Security_sig] DCL protection assumptions
Chris Wright
chrisw at osdl.org
Thu Oct 7 14:53:17 PDT 2004
* slav at vogon.net (slav at vogon.net) wrote:
> >
> > SeOS? How are they privs parcelled out? What are examples of the
> > differing layers? Agreed, least privileges is preferred method for
> > containment.
> >
>
> SeOS is a commercial (by CA, I believe) security product that intercepts
> syscalls and compares them to its policy. Instead of taking away privs
> from root, privs are added to user accounts instead. SeOS is configured
> to give an admin a "sandbox to play in", and it'll restrict access to
> files and processes according to the policy. SeOS is also available for
> all major UNIX platforms including Linux, which is a plus in heterogeneous
> environment.
>
> We've also evaluated LIDS and SELinux. LIDS was impressive but lacked
> some important features. We were less than impressed with SELinux due to
> its instability and complexity.
Great feedback. What important features are missing in LIDS in your
estimation?
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
More information about the security_sig
mailing list