On Thu, 17 Aug 2006, Crispin Cowan wrote:
[...] Well, no, that is not correct.
Effectively you blame the German iX magazine to talk rubbish. The point is: as long as the maintainer doesn't work with the necessary care a server might be started in a protected environment if started "normally" and in an unprotected environment if started for instance chrooted _despite_ the fact that one and the same binary - for instance via a hardlink - is used. The underlying mechanisms which are used for instance by selinux protect _everything_ which uses the protected binary might it be a hardlink or a softlink.

This smells like AppArmor dropped security in favor of ease of use for not so firm people. No good deal! SuSE Linux more and more drifts towards "another Windows". In the meantime I know a lot of people - amongst them are numerous administrators which I personally rate as good or very good ones - who already dropped SuSE in favor of Debian or comparable distributions. Mind that. I personally will install the coming (already released?) SuSE 10.2 on my machines and if it will not attract me the installation after this one will be Debian.

But still: Maybe I'm unfair to SuSE/Novell. If it should be the case that I already have the *alternatives* selinux _or_ AppArmor I would have to take the above critics. What I want to have is the choice! Give other users a tool at hand with which they might secure their machines in obscurity as long as you give _me_ the tools at hand to really secure the machines under my administration.
[...]
Best regards
Henning Hucke
-- 
Mountain Dew and doughnuts... because breakfast is the most important meal of the day.