SELinux

[Alan Cox]

> It is a product of academics employed by NSA, and so of questionable practical
> use for people who are dealing with system admin and security issues on daily
> basis.

Not exactly. It's the product of sixty years of work on security models
in all sorts of areas. This particular implementation was done initially
by the NSA along with similar code for other OSs but its not entirely NSA
code or ideas, far from it.

Security models are complex for a complex system. That would appear to be
unavoidable given the law of necessary variety.

> http://fedoraproject.org/wiki/Features/RemoveSETUID

Capabilities help with a few small problems in reducing the privileges
of some things that could be subject to attack but don't need that degree
of rights.

Doesn't really help against things like browser based attacks where you
need a model that can express things like "web browsers don't XYZ"

Alan