Kernel Summit 2006: Security
Posted Jul 21, 2006 0:55 UTC (Fri) by Method
In reply to: Kernel Summit 2006: Security
Parent article: Kernel Summit 2006: Security
You are right, Flask has successfully implemented the security models that have been around for decades and are tried and true.
Arbitrary security policies are just that. Consider the LSM implementation of securelevels that ended up being more insecure than not having it. Then consider the limitations and bypassability of Apparmor as I explained at http://securityblog.org/brindle/2006/04/19/security-anti-....
If its a choice between reasonable (and working) security models and arbitrary ones that have severe security issues and limitations I'll take Flask.
There might not be a One True Security Model in the security community but quote honestly apparmor isn't even a contestant.
to post comments)