[Info-vax] September 6, 2016 - new Roadmap and State of the Port updates now on VSI website
Dirk Munk
munk at home.nl
Wed Sep 7 19:21:54 EDT 2016
Stephen Hoffman wrote:
> On 2016-09-07 21:26:11 +0000, clairgrant71 at gmail.com said:
>
>> On Wednesday, September 7, 2016 at 2:51:30 PM UTC-4, Simon Clubley wrote:
>>
>>> I wonder what "Enhanced Application Isolation and Management" means ?
>>> Is it SELinux MAC type security or more a chroot/jail type security ?
>>
>> MAC is not what I have in mind. ...
>
> And FWIW, MAC security support is already latent in OpenVMS, and as
> Clair is undoubtedly aware.
>
> Some of the MAC security UI is also latent such as UPGRADE and DOWNGRADE
> privileges and some SJC$ flags, and there was some add-on software
> involved.
>
> http://h41379.www4.hpe.com/openvms/products/sevms/
> http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.27.2541&rep=rep1&type=pdf
>
>
> Few have looked at that code in twenty years, too.
>
> MAC security is not going to be popular with most users in general,
> though. Not outside of certain organizations. Too hard to use. As
> has been discussed before. What's latent now is also not going to
> effectively isolate apps on OpenVMS in any meaningful way, either. Not
> without more than a little work — the secrecy and lowercase-i integrity
> masks are pretty limited, and the designs — like UICs and job numbers —
> suffer from the usual problems inherent in numeric-based and
> non-UUID-based APIs. Irrespective of the German Tank Problem.
>
As far as I'm aware the development of a new version of the Leopard 2 is
going fine, and there is talk about developing a completely new Leopard
3. So which German Tank Problem are your referring too?
More information about the Info-vax
mailing list