-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > From: Rick <[email protected]> [email protected]> > wrote: > >> Yesterday Nick Daly started a discussion about PHP alternatives. >> PHP is crap, and has a very bad security reputation. Should we >> use programs that are written in PHP for the FreedomBox? >> > Sounds like a job for selinux. Rob is spot on regarding TOMOYO. I've easily deployed version 2.3 of TOMOYO on a Linux box and was (figuratively speaking) ecstatic over its ease of use compared to SElinux. TOMOYO also doesn't mess with with your filesystem (as SElinux does). Two caveats: 1] AKARI - --should-- be similar; 2] I understand that the tomoyo developers were considering some major structural feature and syntax changes since version 2.3, and they're currently at version 2.5.
In my particular usage case, Tomoyo revealed alot of nonsense that some Firefox add-ons were doing, and allowed me to easily restrict the wayward activities. And the add-ons continued to function fine anyway. Even though tomoyo is ridiculously simpler to use than SElinux, Should Freedombox decide to integrate TOMOYO or AKARI into the build, I would still strongly (very very) suggest FreedomBox prepare default profiles for the default FreedomBox apps. (SUSE and Canonical did so for Apparmor, but when I evaluated Apparmor a few years ago, their defaults were uselessly liberal - no offense intended to you liberals on the list). I had suggested this a few years ago on the tomoyo discussion list and directly with the tomoyo developers, but at the time, the effort went nowhere. - -- hkp://keys.gnupg.net CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQBGzoAAoJEDvrUfDmCx9LcXkP/jnZXiWNdN5PaajJ3wqpTb7f Rx97PBNn8zqtm8Ba+VMGAPmwzYQUsJDLuz8P2E4Qme33hjEx5hFQRlrtsLhKC6MG TrZd8Fo4t/I3dzpE/ExtC15cdGPlvMJ7xxEgvH3lb4qSFb+gw163IaOScceJEArV /xVbNx2OQUx+VdEwqyrN9ah/R8rUV7X2yj2oMtWrW3LherrXeAmxtncRL+RXibTb sbwJ253cuxdRfTYkvc5J8M+LEOxy1xVLVwpRTyLw9y10K7XII+yZ3TfnJY3lvDg9 sk5+7eEgt8Zm5gKPjb/tXHankcrd0woq9BfFXDqfqQWsvHko0eGDMQnFAEtdCaGo e+pmiTx9Ex4ZA926bWV+nHss6wlTmMOk+OfxwHj8TvBMob6ZIeUfwDYpSuTIv7Sl 0l9KHpXxBmGJ//xBwbW/uKuTKiZnEIl8IhkTNc8zGZkeK1np4SwUOAVAh2battVY 50nMSYdAwq09Z/x6q9hVYeHk2orhy5ZhVC8D5AMSI5cr/JlW3hrbWZWWAtB3y92p j8nkiGFul+NltJWW5C7yTYWYId3dWtfxZUbCjeJJ9WtkU5iOXaEmPAGq5+0E7wxO tw0lvZcglr3DF3soMZ9HYoMbyMfarC4/qMxF6PV4Xtdu7bYMKwvqlBplaMgqdZY/ aPOE2WGfNHfd7exZfUqS =I0UM -----END PGP SIGNATURE----- _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
