[Security_sig] DCL protection assumptions

slav at vogon.net slav at vogon.net
Thu Oct 7 15:13:16 PDT 2004

> Great feedback.  What important features are missing in LIDS in your
> estimation?

It's been about 9 months (an eternity in the world of open source), but
based on what we've seen back then, here's what we liked and didn't like:

* ability to hide files and directories
* ability to hide processes
* pretty flexible ACLs for both

* Subject/object relationship is file-process, as opposed to file-user or
process-user.  This is a major shortcoming.  I would ideally like to be
able to restrict processes AND users to their sandboxes.

More information about the security_sig mailing list