Civilizing SELinux

Posted Nov 26, 2004 7:26 UTC (Fri) by bluefoxicy (guest, #25366)
In reply to: Civilizing SELinux by spender
Parent article: Civilizing SELinux

How about:

PaX & SELinux & whatever from GRSecurity is useful & Forkbomb Protector & IBM Stack Smash Protector & Stateful Firewalling (netfilter) & Packet filter firewalling (netfilter) & DansGuardian & ClamAV (after adding heuristics) & snort-inline & DigSig & UML & Discretionary Netfilter (non-existent hack that could be done using iptables, sudo, and some scripts)

SE isn't everything. PaX isn't everything. GR isn't everything. Firewalls aren't everything. Stack smash protection isn't everything. You need to combine everything to get everything.

Again, I won't say either of you is right; I'm just concerned that this argument is a poor way to convey your points, and that you are dwelling on defending your egos far too much more than you are on discerning what's wrong on each side and fixing those.



Civilizing SELinux

Posted Nov 26, 2004 7:56 UTC (Fri) by spender (subscriber, #23067)

Nope. You missed the point again. I'm not talking about having a complete security system. I'm saying that there are things that are discussed in the PaX documents that someone implementing PaX in production environments must handle. PaX itself does not handle these things because they may be implemented differently by different integrators. SELinux does not implement any of these things. The only thing PaX-related that SELinux implements is the MAC hook, which is more of a useful feature than a necessary component of the PaX model.

All this bragging about "information flow graphs" is ridiculous. The assumption involved (that at no point was a kernel exploit used) in such graphs is one that no security-conscious person can hold. These graphs are a guarantee of nothing (despite claims we've seen to the contrary already). Ask yourself what's more probable: that someone owns the system by finding some app on the system that uses message queues, then sends some specific data to it that causes a system compromise...eventually...somehow, or that the attacker owns the system by using a kernel exploit and bypassing SELinux completely? I don't know what world Method lives in (though I surmise it's an idiot's ivory tower) or what kind of attackers exist in this world, but any real world experience should certainly give one pause when one hears this kind of propaganda from SELinux proponents.

Civilizing SELinux

Posted Nov 26, 2004 16:51 UTC (Fri) by bluefoxicy (guest, #25366)

I'm not missing the point. I'm saying that we need to focus on more important things, like correcting these issues. I'm fairly sure Method is only concerned with GR vs SE in the context of the ACL, and is irritated by your trying to justify your own MAC system's shortcomings with (valid) points about the extra restrictions GR brings along.

Perhaps reimplement the GR protections around SELinux and try to get them into mainline?
