Posted Nov 26, 2004 5:34 UTC (Fri) by Method
In reply to: Civilizing SELinux
Parent article: Civilizing SELinux
I said "access control systems" also. Nothing keeps someone from running PaX with SELinux, as Hardened Gentoo's SELinux implementation does. Those have absolutely nothing to do with mandatory access control (the scope of SELinux is MAC only).
Do you want some sort of prize for successfully integrating someone else's memory protections into grsec? PaX is in no way reliant on your (or anyone else's) access control systems; in fact we have SELinux permissions to control PaX in Gentoo.
I'm not talking about Fedora Core 3 or its policies; I see nothing referring to that.
As for the rest of the comment, if you have beef with Red Hat and/or Exec-Shield (as you clearly do), take it up with them and not SELinux. SELinux wasn't developed by Red Hat; they merely implement it. You have made zero objections to SELinux and only to Fedora's implementation of it (and not really much there).
SELinux also has other uses that you (and other anti-SELinux zealots) seem to be unable to address. SELinux allows strong control on information flow. There exist many environments where information flow restrictions are absolutely necessary, and SELinux has the ability to arbitrate that on many more access vectors than grsec, IPC for example. (And this isn't all; I'd rather not fill up this comment with the 53 object classes SELinux covers.)
Further, there exist tools *today* to analyze SELinux policies for possible information flow and execution paths. Does grsec have those?
All in all, SELinux is a very professional project with a great community and great collection of tools. I'm sorry you feel the need to FUD it.
For future trolling please note that:
1) Exec-shield has nothing to do with SELinux.
2) Red Hat hiding bugs or whatever has nothing to do with SELinux.
3) Fedora's SELinux implementation has nothing to do with SELinux itself.
4) Congratulations on those Exec-shield exploits you sold, I hope you bought something nice with them.