Re: tomld: fully automatic MAC configuration solution

On Wed, 27 Jul 2011 08:11:57 -0400
Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:

On Wed, Jul 27, 2011 at 2:28 AM, Horvath Andras <han@xxxxxxxxx> wrote:
Dear Members,

I'd like to announce the availability of the first beta release of
my tomld project.

This is a deamon managing fully automatic MAC configuration without
any user interaction.

(supported platforms are: Debian 6 and up, Ubuntu 10.10 and up)

My site:
http://log69.com/tomld_en.html

This website is *REALLY* hard to read on a normal screen. Can I
suggest that you reset that font size and color not to be light gray
text on a white background.

I also really, really wish the Tomoyo project had not chosen MAC to
mean "Mandatory Access Control" rather than the more typical "Media
Access Control" or MAC address associated with Ethernet devices for
the last few decades. It was quite confusing when I read your site and
had not dealt with Tomoyo previously.

But good luck with this. Not having used Tomoyo, how does it compare
in usefulness against security threats, and abillity to completely
mess you up at an awkward moment, with SELinux?

Hi,

Thanks for the feedback. I'll change the text on my site and also add
more explanation about this project.

Tomoyo is not as secure as SELinux (it's written in their docs), but
way more easier to set up and use in my opinion. Because it deals with
file paths, the rules are easy to read. But i still think it's too time
consuming and hard to manage and update several thousands of rules all
the time. That's why i created my project.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
Archive: http://lists.debian.org/20110727143656.0704a08e@xxxxxxxxxxx

Relevant Pages

  • Re: tomld: fully automatic MAC configuration solution
    ... tomld project. ... This is a deamon managing fully automatic MAC configuration without any ... really wish the Tomoyo project had not chosen MAC to ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Capsicum -- 9.x merge in sight
    ... University of Cambridge and Google have been collaborating for the last few years on a security research project called Capsicum. ... How is Capsicum positioned, from user & admin perspective, when compared to the MAC work on FreeBSD and SELinux on Linux? ... This is a point addressed in some detail in the paper, which considers the relationship between Capsicum and other security models. ... As a result, Capsicum should be entirely transparent to end users -- except that vulnerabilities in applications become less critical -- which is quite different from what you see in various MAC models, including the TE model shipped with SELinux. ...
    (freebsd-arch)
  • Re: If this interests someone in the VMS land to broaden his expertise to non VMS systems
    ... The additional question I'd like to throw on the fire is what's out there in Linux-land which is a FOSS RDBMS which also allows MAC down to the attribute level? ... I clearly have a different definition of mandatory access control, because VMS does not offer MAC, and Rdb does not offer MAC. ... Now whether you actually need MAC in the database depends on whether you're storing multiple levels or multiple compartments within the database, and also on what sort of security and auditing you've set up around the database. ... But best to go ask your SELinux questions in an SELinux-related group, or TrustedBSD in a TrustedBSD group, etc. ...
    (comp.os.vms)
  • Re: Secure File Copy
    ... I have enabled SSH on the FreeBSD system and I can ... SSH into the box from the Mac, However I do not know how to copy the files ... need to back up from the FreeBSD system to the Mac. ... To unsubscribe, ...
    (freebsd-questions)
  • Re: new problem - networking is strange
    ... It is/was broken on my system since both of my network cards get random ... PCI address instead of MAC address. ... I was always wondering why it changes after copying the system. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)