[Info-vax] September 6, 2016 - new Roadmap and State of the Port updates now on VSI website
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Sep 7 18:17:23 EDT 2016
On 2016-09-07 21:26:11 +0000, clairgrant71 at gmail.com said:
> On Wednesday, September 7, 2016 at 2:51:30 PM UTC-4, Simon Clubley wrote:
>
>> I wonder what "Enhanced Application Isolation and Management" means ?
>> Is it SELinux MAC type security or more a chroot/jail type security ?
>
> MAC is not what I have in mind. ...

And FWIW, MAC security support is already latent in OpenVMS, and as
Clair is undoubtedly aware.

Some of the MAC security UI is also latent such as UPGRADE and
DOWNGRADE privileges and some SJC$ flags, and there was some add-on
software involved.

http://h41379.www4.hpe.com/openvms/products/sevms/
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.27.2541&rep=rep1&type=pdf

Few have looked at that code in twenty years, too.

MAC security is not going to be popular with most users in general,
though. Not outside of certain organizations. Too hard to use.

As has been discussed before. What's latent now is also not going to
effectively isolate apps on OpenVMS in any meaningful way, either.
Not without more than a little work — the secrecy and lowercase-i
integrity masks are pretty limited, and the designs — like UICs and job
numbers — suffer from the usual problems inherent in numeric-based and
non-UUID-based APIs. Irrespective of the German Tank Problem.

--
Pure Personal Opinion | HoffmanLabs LLC