[nylug-talk] Weakest Links

[Ajai Khattri]

On Fri, 31 Aug 2007, Chris Knadle wrote:

>      "Hi, this is Firefox, can you go and modify my .rc file in <so-in-so>
>       way, so that the next time I'm started the preferences you just set
>       will be active?"
> Nobody [in their right mind] would want something this restrictive, because it 
> becomes too hard to use.

Therein lies the crux of the problem - using a more complicated security 
model without tools to make it easy result in a system harder to use.

>    I'm in agreement there.  Unfortunately SELinux [and other such restrictive 
> security models] are relatively complex.  I've played around SELinux some on 
> Debian with their targeted reference policy.  Need to play with it more.

Anyone played with polgengui (graphical selinux policy generator)? Im 
thinking something like this could be used to generate profiles for common 
attack vectors like web browsers, email software, etc.

http://tinyurl.com/2hn9nc


-- 
Aj.