[Dailydave] Is Windows Integrity Control in Vista really worth the performance hit? And does it really work?
Steve Grubb
sgrubb at redhat.com
Thu Mar 1 16:02:30 EST 2007
On Thursday 01 March 2007 07:40, Rodrigo Rubira Branco (BSDaemon) wrote:
> Capabilities like selinux exist in linux a long time and offer a little
> impact in the overall system performance (but that impact exists)...
True, there is a little impact and it varies based on actual workload.
> Linux solutions can be bypassed as well.
Any kernel exploit that allows writing to arbitrary kernel memory can
potentially defeat any kernel protection mechanism.
> To obtain an EAL xyz certification, linux introduces the SELinux in the
> kernel,
We got eal4+ without SE Linux as part of the eval.
> using the LSM framework... its more bugged than great (who don´t agree with
> me??).
I don't agree with you. I don't have any bug report in our bugzilla that is
traced to the kernel implementation.
-Steve
More information about the Dailydave
mailing list