[Security_sig] DCL protection assumptions

Chris Wright chrisw at osdl.org
Thu Oct 7 14:53:17 PDT 2004

* slav at vogon.net (slav at vogon.net) wrote:
> >
> > SeOS?  How are the privs parcelled out?  What are examples of the
> > differing layers?  Agreed, least privileges is the preferred method for
> > containment.
> >
> SeOS is a commercial (by CA, I believe) security product that intercepts
> syscalls and compares them to its policy.  Instead of taking away privs
> from root, privs are added to user accounts instead.  SeOS is configured
> to give an admin a "sandbox to play in", and it'll restrict access to
> files and processes according to the policy.  SeOS is also available for
> all major UNIX platforms including Linux, which is a plus in a
> heterogeneous environment.
> We've also evaluated LIDS and SELinux.  LIDS was impressive but lacked
> some important features.  We were less than impressed with SELinux due to
> its instability and complexity.

Great feedback.  What important features are missing in LIDS in your

Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
