Date: Thu, 11 May 2006 20:09:08 +0100 From: "mal content" <artifact.one@googlemail.com> To: "Borja Marcos" <BORJAMAR@sarenet.es> Cc: freebsd-security@freebsd.org Subject: Re: MAC policies and shared hosting Message-ID: <8e96a0b90605111209l7620bff8u7261d20ac708879f@mail.gmail.com> In-Reply-To: <E632A54E-276D-4DD4-A353-D5531094A400@SARENET.ES> References: <CB6E482F-221F-4D31-8814-BF4A23D3E19E@SARENET.ES> <20060504172309.D17611@fledge.watson.org> <E632A54E-276D-4DD4-A353-D5531094A400@SARENET.ES>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/10/06, Borja Marcos <BORJAMAR@sarenet.es> wrote: > There is great stuff in the MAC framework, indeed, and the > possibilities are endless. Best of that, security decisions go back > to the place they should have never abandoned: the operating system :) > > I've just ordered the new O'Reilly book about FreeBSD and OpenBSD > security, but it seems that it doesn't mention the MAC framework at > all :( Unfortunately the MAC framework just doesn't seem to get as much attention as I'd like. I think the problem was that the TrustedBSD project seemed very 'closed' in that the site was quite rarely updated and it was difficult to get news on developments. It seemed, for a long time, that nobody was interested in it. It'd be nice to see a ton of tutorials, papers and documentation for it. I personally would write quite a bit on it if I could get started but unfortunately my 'expertise' begins and ends at the web server example in the handbook. I think also the MAC framework is perceived as being too difficult to use and too detached from FreeBSD itself. Hopefully the latter will improve when BSM is integrated with the system and the former is entirely subjective anyway. There's quite a large gap in ports for some software that puts a friendly face on some of the MAC policies such as biba, MLS, etc. Hmm. Brain spilled out onto the keyboard a bit then. I'll put it back in it's cage for now. a1
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8e96a0b90605111209l7620bff8u7261d20ac708879f>