Kernel Summit 2006: Security
Posted Jul 25, 2006 3:43 UTC (Tue) by roelofs
Parent article: Kernel Summit 2006: Security
Christoph Hellwig noted that security is never easy. Rather than trying to come up with an easy fix via a security framework, he said, developers should be getting server applications right and "fix the crappy code." The response was that crappy code will always exist, but that it would be nice to have reasonably secure systems anyway.
Hellwig's comment seems a bit naive. And while the response to it is valid as far as it goes, I would word it more strongly: (1) "security is never easy" doesn't mean it should be harder than necessary (i.e., don't whitewash the risks, but don't throw up unnecessary obstacles for less technically adept users, either); and (2) as a rule of thumb, security is never about "rather than"--it's about "in addition to". That is (regarding item 2), you don't ignore privilege-escalation issues just because you believe remote execution is blocked; you address both. You don't stop working on security just because you've got a corporate firewall and DMZ in place; you also harden your kernels, your apps, your facility, your procedures, and your users(!).
That said, I don't have a particular axe to grind with respect to either SELinux or AppArmor; I've never used either one, personally. But if I were still running servers at home, I think I'd be more inclined to start with AppArmor, based solely on what I've read here...