From: "mal content"
To: "Borja Marcos"
Cc: freebsd-security@freebsd.org
Date: Thu, 11 May 2006 20:09:08 +0100
Subject: Re: MAC policies and shared hosting

On 5/10/06, Borja Marcos wrote:
> There is great stuff in the MAC framework, indeed, and the
> possibilities are endless. Best of that, security decisions go back
> to the place they should have never abandoned: the operating system :)
>
> I've just ordered the new O'Reilly book about FreeBSD and OpenBSD
> security, but it seems that it doesn't mention the MAC framework at
> all :(

Unfortunately the MAC framework just doesn't seem to get as much
attention as I'd like. I think the problem was that the TrustedBSD
project seemed very 'closed' in that the site was quite rarely updated
and it was difficult to get news on developments. It seemed, for a long
time, that nobody was interested in it.

It'd be nice to see a ton of tutorials, papers and documentation for
it. I personally would write quite a bit on it if I could get started
but unfortunately my 'expertise' begins and ends at the web server
example in the handbook.

I think also the MAC framework is perceived as being too difficult to
use and too detached from FreeBSD itself. Hopefully the latter will
improve when BSM is integrated with the system and the former is
entirely subjective anyway. There's quite a large gap in ports for some
software that puts a friendly face on some of the MAC policies such as
biba, MLS, etc.

Hmm. Brain spilled out onto the keyboard a bit then. I'll put it back
in its cage for now.

a1