The problem that I have with the want to add more code (GRSecurity keeps coming back) is that it is basically obfuscation.
People don't generally understand file permissions, yet we add SELinux and practically no one understands that, so we add more stuff like containers, vms over the top.
If we can't build a secure system using the simple UNIX chmod features without making mistakes, what is the probability that the more complicated systems will be better?
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
IMO you can't solve security by adding more stuff
Date: 2015-11-08 09:49 am (UTC)The problem that I have with the want to add more code (GRSecurity keeps coming back) is that it is basically obfuscation.
People don't generally understand file permissions, yet we add SELinux and practically no one understands that, so we add more stuff like containers, vms over the top.
If we can't build a secure system using the simple UNIX chmod features without making mistakes, what is the probability that the more complicated systems will be better?