|
|
Subscribe / Log in / New account

Ghosts of Unix past, part 3: Unfixable designs

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 25, 2010 20:18 UTC (Thu) by slashdot (guest, #22014)
In reply to: Ghosts of Unix past, part 3: Unfixable designs by skissane
Parent article: Ghosts of Unix past, part 3: Unfixable designs

Linux does this, although security is handled by kernel modules ("LSM"s) instead of daemons.

AppArmor has separately-stored policy, while SELinux has separately-stored policy which is however automatically baked into the filesystem.

The real problem Linux has is that nobody seems to have the interest, authority and/or ability to figure out the optimal security model to use, so there are several ones in wide use, but none is actually polished and widespread.

Also, security UI and user-friendliness work seems quite lacking, with the result that advanced security often gets just turned off and even if enabled, only distribution-provided policies tend to be used.

to post comments


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds