5·
15 days agoTIL. Very cool.
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: June 28th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Solaris was beautiful. But it could have been more secure if it had Mandatory Access Controls. One compromised app running as root, or one privilege elevation exploit and without mandatory access controls you’re done.
Even with user contained exploits without MAC you expose way too much.
Edit: Turns out Solaris had a MAC enabled variant called Trusted Solaris! I could have seen myself using this if Sun was still around and OpenSolaris had panned out.
https://en.m.wikipedia.org/wiki/Trusted_Solaris
In conclusion Solaris was not junk.
I like the fact that it is a solid mandatory access control system. With SELinux you are substantially more safe than without.
For example. Let’s say you are running a compromised version of OpenSSH. Threw a XZ style back door a hacker gets in as OpenSSH (which runs as root).
Without SELinux the system is fully owned. With SELinux the attacker can only access what OpenSSH needs to access even if they have root. They can’t just chmod files and folders wherever. That means your photos and application data are still secure. With the pre written SELinux policies this applies not just for OpenSSH but for every piece of software installed on your system. Everything is limited to the exact folders, ports, and system capabilities that it needs and no more. Even stuff like seperate websites being served under Nginx. You can have Nginx-subgroup-1 and Nginx-subgroup-2 where the applications can’t see each other even though they are being run as the Nginx user.
I don’t trust any Linux distro without this security layer.
It’s a little difficult to learn and master, but it’s totally worth it if you care about security.
Redhat put out a comic about it a few years ago explaining the basics. https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf
Thank goodness for selinux. Without it Linux would not be a secure OS.
And no AppArmor does not do the same thing. You need the mandatory part for mandatory access controls to work.
22·1 month agoI mean they’re synced super fast to every file system. It works really well. Wayyy wayyy faster than nextcloud too. You can access them on that file system. If you want to “directly” access them you can always use the fuse driver. This being said there isn’t really a need to because all the files just are synced to your file system.
+1 for Toki Pona!
It’s a very small language (< 200 words) that forces you to think about how you think. It’s not hard to learn and quite wholesome. The name means “The Language of Good”
Also there is an amazing art scene around the language. Being able to listen to the music keeps me going.
https://youtube.com/playlist?list=PLqCH2JzaHCjZ84qxUQXrwAjpKQEowGsn9