On Thu, 2005-05-19 at 08:02 -0400, Doug Koobs wrote: > If you're not familar with Mandatory Access Control, read up on it; > I think that is what SELinux is about. MAC is exactly what SELinux is about. Legacy UNIX permissions and security is DAC, but lacks MAC. It's one of the few details of UNIX design that is a thorn. Otherwise, legacy UNIX design -- over 35 years old -- has been pretty damn good in the age of the Internet. Multiuser by default, execute bit, reliance on file magic, not extensions, write access only to user home directory, etc... Yeah, NT might have MAC. But the majority of Windows applications would be classified as a "root exploit" because they require escalated privileges over what UNIX programs do just to run! Including many of Microsoft's own. -- Bryan J. Smith b.j.smith at ieee.org ----------------------------------------------------------------- Beware of those who define their preference in terms of hate of another option, and not on the positive merits of their selection