How the NSA Took Linux To the Next Level 172
An anonymous reader brings us IBM Developerworks' recent analysis of how the NSA built SELinux to withstand attacks. The article shows us some of the relevant kernel architecture and compares SELinux to a few other approaches. We've discussed SELinux in the past. Quoting:
"If you have a program that responds to socket requests but doesn't need to access the file system, then that program should be able to listen on a given socket but not have access to the file system. That way, if the program is exploited in some way, its access is explicitly minimized. This type of control is called mandatory access control (MAC). Another approach to controlling access is role-based access control (RBAC). In RBAC, permissions are provided based on roles that are granted by the security system. The concept of a role differs from that of a traditional group in that a group represents one or more users. A role can represent multiple users, but it also represents the permissions that a set of users can perform. SELinux adds both MAC and RBAC to the GNU/Linux operating system."
Re:Do you really want NSA developing your OS? (Score:3, Funny)
Re:wrong (Score:4, Funny)
Re:Do you really want NSA developing your OS? (Score:5, Funny)
Re:Do you really want NSA developing your OS? (Score:1, Funny)
Re:Roles (Score:5, Funny)
Re:Do you really want NSA developing your OS? (Score:5, Funny)
But what if YOU have a secret deal with the NSA?
Re:All very good, but... (Score:3, Funny)
Re:wrong (Score:3, Funny)
I prefer to say it more delicately, like "Everyone without a stick up his ass just calls the OS 'Linux'".
I realize that his is also divisive since it could be "stick up her ass", but I hate to make the facts come across as so wordy when you have to say "his or her ass".
Re:All very good, but... (Score:4, Funny)
Re:All very good, but... (Score:4, Funny)
Well, you can get the same experience now, thanks to Symantec Antivirus. Well, except for the whole actual security part.