Posted Nov 26, 2004 7:56 UTC (Fri) by spender
In reply to: Civilizing SELinux
Parent article: Civilizing SELinux
Nope. You missed the point again. I'm not talking about having a complete security system. I'm saying that there are things that are discussed in the PaX documents that someone implementing PaX in production environments must handle. PaX itself does not handle these things because they may be implemented differently by different integrators. SELinux does not implement any of these things. The only thing PaX-related that SELinux implements is the MAC hook, which is more of a useful feature than a necessary component of the PaX model.
All this bragging about "information flow graphs" is ridiculous. The assumption involved (that at no point was a kernel exploit used) in such graphs is one that no security-conscious person can hold. These graphs are a guarantee of nothing (despite claims we've seen to the contrary already). Ask yourself what's more probable: that someone owns the system by finding some app on the system that uses message queues, then sends some specific data to it that causes a system compromise...eventually...somehow, or that the attacker owns the system by using a kernel exploit and bypassing SELinux completely? I don't know what world Method lives in (though I surmise it's an idiot's ivory tower) or what kind of attackers exist in this world, but any real world experience should certainly give one pause when one hears this kind of propoganda from SELinux proponents.
to post comments)