On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:
> Hello all,
>
> I'm running OBSD on my older boxes but still Debian on my big box (not
> ready yet).
>
> Linux has SELinux in its 2.6 kernel and debian has gone ahead and
> compiled SELinux into the libraries, although the SELinux policies
> aren't ready on debian yet. The whole focus seems to be to make Linux
> "more secure". I'm not sure what to make of it. I figure that if you
> want secure, you switch to OBSD.
>
> Could someone who knows both the details of OBSDs security enhancements
> and the details of SELinux comment?
>
> Please note: this is _not_ a troll, flame-ware-tinder-box, whatever.
> I'm genuinly interested.
The OpenBSD developers are trying to make the most secure UNIX system
they can; SELinux might or might not be secure, but it's not UNIX.
Additionally, it's not entirely clear whether it actually helps; a
SELinux configuration is, even at its best, a lot more complex than the
equivalent UNIX-ish configuration. Thus, it becomes more likely that
there will be either configuration or coding errors.
Joachim
--
TFMotD: kadmin (8) - Kerberos administration utility
