[Freedombox-discuss] PHP is not the problem, security is!
Boruch Baum
boruch_baum at gmx.com
Mon Jul 16 19:35:25 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> From: Rick <graham.rick at gmail.com> robvanderhoeven at ziggo.nl>
> wrote:
>
>> Yesterday Nick Daly started a discussion about PHP alternatives.
>> PHP is crap, and has a very bad security reputation. Should we
>> use programs that are written in PHP for the FreedomBox?
>>
> Sounds like a job for selinux.
Rob is spot on regarding TOMOYO. I've easily deployed version 2.3 of
TOMOYO on a Linux box and was (figuratively speaking) ecstatic over
its ease of use compared to SElinux. TOMOYO also doesn't mess with
with your filesystem (as SElinux does). Two caveats: 1] AKARI
- --should-- be similar; 2] I understand that the tomoyo developers were
considering some major structural feature and syntax changes since
version 2.3, and they're currently at version 2.5.
In my particular usage case, Tomoyo revealed alot of nonsense that
some Firefox add-ons were doing, and allowed me to easily restrict the
wayward activities. And the add-ons continued to function fine anyway.
Even though tomoyo is ridiculously simpler to use than SElinux, Should
Freedombox decide to integrate TOMOYO or AKARI into the build, I would
still strongly (very very) suggest FreedomBox prepare default profiles
for the default FreedomBox apps. (SUSE and Canonical did so for
Apparmor, but when I evaluated Apparmor a few years ago, their
defaults were uselessly liberal - no offense intended to you liberals
on the list). I had suggested this a few years ago on the tomoyo
discussion list and directly with the tomoyo developers, but at the
time, the effort went nowhere.
- --
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQBGzoAAoJEDvrUfDmCx9LcXkP/jnZXiWNdN5PaajJ3wqpTb7f
Rx97PBNn8zqtm8Ba+VMGAPmwzYQUsJDLuz8P2E4Qme33hjEx5hFQRlrtsLhKC6MG
TrZd8Fo4t/I3dzpE/ExtC15cdGPlvMJ7xxEgvH3lb4qSFb+gw163IaOScceJEArV
/xVbNx2OQUx+VdEwqyrN9ah/R8rUV7X2yj2oMtWrW3LherrXeAmxtncRL+RXibTb
sbwJ253cuxdRfTYkvc5J8M+LEOxy1xVLVwpRTyLw9y10K7XII+yZ3TfnJY3lvDg9
sk5+7eEgt8Zm5gKPjb/tXHankcrd0woq9BfFXDqfqQWsvHko0eGDMQnFAEtdCaGo
e+pmiTx9Ex4ZA926bWV+nHss6wlTmMOk+OfxwHj8TvBMob6ZIeUfwDYpSuTIv7Sl
0l9KHpXxBmGJ//xBwbW/uKuTKiZnEIl8IhkTNc8zGZkeK1np4SwUOAVAh2battVY
50nMSYdAwq09Z/x6q9hVYeHk2orhy5ZhVC8D5AMSI5cr/JlW3hrbWZWWAtB3y92p
j8nkiGFul+NltJWW5C7yTYWYId3dWtfxZUbCjeJJ9WtkU5iOXaEmPAGq5+0E7wxO
tw0lvZcglr3DF3soMZ9HYoMbyMfarC4/qMxF6PV4Xtdu7bYMKwvqlBplaMgqdZY/
aPOE2WGfNHfd7exZfUqS
=I0UM
-----END PGP SIGNATURE-----
More information about the Freedombox-discuss
mailing list