Date: Fri, 12 May 2006 01:56:15 +0200 From: Borja Marcos <BORJAMAR@sarenet.es> To: mal content <artifact.one@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: MAC policies and shared hosting Message-ID: <C102E78F-A0AA-4444-B054-2396E4C082C3@sarenet.es> In-Reply-To: <8e96a0b90605111209l7620bff8u7261d20ac708879f@mail.gmail.com> References: <CB6E482F-221F-4D31-8814-BF4A23D3E19E@SARENET.ES> <20060504172309.D17611@fledge.watson.org> <E632A54E-276D-4DD4-A353-D5531094A400@SARENET.ES> <8e96a0b90605111209l7620bff8u7261d20ac708879f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Unfortunately the MAC framework just doesn't seem to get > as much attention as I'd like. I think the problem was > that the TrustedBSD project seemed very 'closed' in that the > site was quite rarely updated and it was difficult to get news > on developments. It seemed, for a long time, that nobody was > interested in it. Well, I am loving it, really. > It'd be nice to see a ton of tutorials, papers and documentation > for it. I personally would write quite a bit on it if I could get > started > but unfortunately my 'expertise' begins and ends at the web server > example in the handbook. > > I think also the MAC framework is perceived as being too difficult > to use and too detached from FreeBSD itself. Hopefully the latter > will improve when BSM is integrated with the system and the > former is entirely subjective anyway. Well, as you increase security there is a tradeoff. But I'm trying to come up with a reasonable balance between security and convenience. Deploying it has important consequences on operations like, for example, a make world. You must be aware of it. I'm trying to do it in the Apple way: make it simple enough to be usable, but make it strong enough :) Borja.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C102E78F-A0AA-4444-B054-2396E4C082C3>