Posted Sep 23, 2004 7:26 UTC (Thu) by pimlott
In reply to: Complexity
Parent article: An introduction to SELinux
I would love to see an article that criticizes the SELinux approach systematically, and proposes some (more unix-like) alternatives. I think that many of us have the feeling that SELinux is too complex and forces too many changes on fundamental unix concepts, but this usually comes out in random curmudgeonly grousing on mailing lists and message boards. Surely someone can (or has?) stated the case forcefully.
I think that a better path from Linux today to a more secure, compartmentalized system would make more flexible use of the basic unit of unix access control, the user id. It would require both better ways to allocate permissions to user ids, and ways for users to specify different user ids to use for different tasks. This could allow a phased transition, building upon existing tools and techniques, without obsoleting the knowledge users and administrators have about unix security.
to post comments)