Re: Secure?

[Bennett Todd <bet@rahul.net>]

[-- Attachment #1: Type: text/plain, Size: 1690 bytes --]

2001-03-16-06:25:27 Pedro Rosa:
> [...] the presence of WuFTP is probably the most questionable
> program in selinux. Not only in technical terms but also it arises
> questions in the concept itself.

I don't see that at all.

The concept of selinux, as it stands today, is (I believe --- if
people think I'm wrong please straighten me out:-) to experiment
with a novel model of mandatory access control, on a system which is
exceedingly wide-spread and getting more so rapidly, one which
stands a chance, in the reasonable future, of being usable in many,
perhaps most settings.

Today it's an early research project, and the specific focus is
on experimenting with the policy definition mechanism, and trying
to evolve a comfortable to manage, flexible, suitably high-level
setup for expressing policy decisions, while letting people get
comfortable with the performance, the stability, and the way the
resulting system behaves. The reasonable decision is to try to
integrate it into the most widely-used distribution, and to confine
the focus of this project to just the MAC features, patching other
components only as necessary to make them work.

Meanwhile, in unrelated developments, it's fair to hope that the
popular distributions may get more secure as time goes by; certainly
they're showing some interest in that area. I believe RH7.1 may be
the best Red Hat to date.

I'm expecting it'll be a year or two before this selinux thing will
be in a state of maturity and stability to become part of a major
distribution outright. Perhaps by then Red Hat will be shipping a
better-founded ftpd. I've rpmmed a port of the OpenBSD ftpd, it's
not particularly tricky to do so.

-Bennett

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]