Dailydave mailing list archives

Re: Is Windows Integrity Control in Vista really worth the performance hit? And does it really work?


From: Steve Grubb <sgrubb () redhat com>
Date: Thu, 1 Mar 2007 16:02:30 -0500

On Thursday 01 March 2007 07:40, Rodrigo Rubira Branco (BSDaemon) wrote:
Capabilities like selinux exist in linux a long time and offer a little
impact in the overall system performance (but that impact exists)...

True, there is a little impact and it varies based on actual workload.

Linux solutions can be bypassed as well.

Any kernel exploit that allows writing to arbitrary kernel memory can 
potentially defeat any kernel protection mechanism.

To obtain an EAL xyz certification, linux introduces the SELinux in the
kernel, 

We got eal4+ without SE Linux as part of the eval.

using the LSM framework... its more bugged than great (who don“t agree with
me??).

I don't agree with you. I don't have any bug report in our bugzilla that is 
traced to the kernel implementation.

-Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


Current thread: