I was wondering if anyone has seen any papers comparing & contrasting
type enforcement vs. a chroot() setuid() environment. I have done a bit of
research, and I have found the following.

1) type enforcement provides multiple domains that allow for separation of duty.
2) type enforcement allows for the removal of system calls from any given
domain.
3) type enforcement requires a configuration of who can touch what. This can
be useful for triggering alarms & potentially strong audit data.

The one thing that I see as a potential downfall to the integrity of type
enforcement is configuration. It appears to me that it could be cumbersome &
very detailed. I myself feel the KISS approach is always best, and type
enforcement seems to break this rule.

I would be very interested to hear comments, and extremely interested to see a
paper on the subject.

Jeromie Jackson
Garrison Associates
jeromie @ garrison . com