Message-ID: <f03tr9$buk$1@taverner.cs.berkeley.edu>
Date:	Wed, 18 Apr 2007 01:55:53 +0000 (UTC)
From:	daw@...berkeley.edu (David Wagner)
To:	linux-kernel@...r.kernel.org
Subject: Re: AppArmor FAQ

James Morris wrote:
>I would challenge the claim that AppArmor offers any magic bullet for
>ease of use.

There are, of course, no magic bullets for ease of use.
I would not make such a strong claim.  I simply stated that it
is plausible that AppArmor might have some advantages in some
deployment environments.

The purpose of LSM was to enable multiple different approaches to
security, so that we don't have to fight over the One True Way to
do it.  There might not be one best way for all situations.

These systems probably have different tradeoffs.  Consequently, it seems
to me that arguing over whether SELinux is superior to AppArmor makes
about as much sense as arguing over whether emacs is superior to vim,
or whether Python is superior to Perl.  The answer is likely to be
"it depends".

It's to be expected that SELinux developers prefer their own system
over AppArmor, or that AppArmor developers prefer AppArmor to SELinux.
(Have you ever seen any new parent who thinks their own baby is ugly?)
SELinux developers are likely to have built a system that addresses
the problems that seem important to them; other systems might set
priorities differently.

I think in this case the best remedy is to let many flowers bloom,
and let the users decide for themselves.