[aklug] Re: Modular security?

From: Damien Hull <damien@linuxninjas.tv>
Date: Thu Oct 28 2010 - 22:29:10 AKDT

On Oct 28, 2010, at 8:25 PM, Christopher Howard <cmhoward@frigidcode.com> wrote:

> On Thu, Oct 28, 2010 at 02:39:25PM -0800, Joshua J. Kugler wrote:
>> On Thursday 28 October 2010, Christopher Howard elucidated thus:
>>> My android phone has this interesting security model in which, just
>>> before installing an application, you are told which components of
>>> you phone's security (e.g., SD Card, Internet Access, GPS
>>> information) that the application is going to be granted access to.
>>> If you think that the app is asking for more privileges than it
>>> needs, you just don't install the app.
>>>
>>> I am curious if that kind of approach to application security had
>>> ever been explored in a Linux context, and how you might go about
>>> setting it up if you wanted it. (D-Bus? SetUID? New kernel modules?)
>>
>> Capabilities
>> AppArmor
>> SELinux
>>
>> j
>>
>> --
>> Joshua Kugler
>> Part-Time System Admin/Programmer
>> http://www.eeinternet.com - Fairbanks, AK
>> PGP Key: http://pgp.mit.edu/ ?ID 0x73B13B6A
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>
> I'll never go near SELinux again, so help me. AppArmor looks more along the lines of what I was thinking.
>
> --
> Christopher Howard
> frigidcode.com
> theologia.indicium.us
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

I haven't looked at either one. I'm voting for SELinux.

The wikipedia page for AppArmor says little more then Novell fired the
programming team. The page for SELinux has all kinds of security
references. As in IT people seem to like it.

It's on my todo list.
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Thu Oct 28 22:30:23 2010

This archive was generated by hypermail 2.1.8 : Thu Oct 28 2010 - 22:30:23 AKDT