• To: Dare Obasanjo <dareo@m...>
• Subject: RE: Managing Innovation
• From: Rich Salz <rsalz@d...>
• Date: Tue, 30 Sep 2003 22:15:38 -0400 (EDT)
• Cc: "xml-dev@l..." <xml-dev@l...>
• In-reply-to: <830178CE7378FC40BC6F1DDADCFDD1D1CEBBE6@R...>

SELinux is neat, but it's not a requirement, and doesn't invalidate
the fact that the basic Unix security model is good.  If you consider
doing the equivalent of adding SELinux to NT-based Windows, then you
end up on a machine without a local Administrator. I bet that machine
wouldn't run. :)  So ref [0] is either a point for Unix, or a wash.

As for ref [1], same argument.  The basic model is solid.  It is quite
reasonable to allocate system resources and then renounce privileges;
I'll point to my own Usenet/NNTP (INN) system as one good example.

> [0] http://www.nsa.gov/selinux/faq.html#I2
> [1] http://books.rsbac.org/unstable/x115.html

Still waiting for the punchline...
        /r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

• References:
  • RE: Managing Innovation
    • From: "Dare Obasanjo" <dareo@m...>

• Prev by Date: RE: Managing Innovation
• Next by Date: RE: Managing Innovation
• Previous by thread: RE: Managing Innovation
• Next by thread: RE: Managing Innovation
• Index(es):
  • Date
  • Thread