On 9/22/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > Could someone who knows both the details of OBSDs security enhancements > and the details of SELinux comment?
A capsule summary of the situation is: OpenBSD aims to improve security by taking advantage of easy-to-use, hard-to-disable, low-overhead technologies. yes, you can disable propolice if you need to, but you have to know how. yes, you can disable random library mappings, but you have to know how. yes, you can disable W^X, but you have to try. you could turn off the security features, but why would you, since they don't get in your way, and they don't slow you down all that much. i've not seen SELinux installations (or similar technologies) that are easy to use correctly... -- GDB has a 'break' feature; why doesn't it have 'fix' too?
