LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

non C based environments can have problems

non C based environments can have problems

Posted Jan 19, 2007 18:19 UTC (Fri) by janfrode (subscriber, #244)
In reply to: non C based environments can have problems by pvaneynd
Parent article: LCA: How to improve Debian security

> And SELinux does seem to be too complex for me to say if a certain configuration is secure or not.

As SElinux doesn't grant you any additional privileges over what you have on a non-SElinux enabled system, you should be able to say if a certain system is secure in the traditional UNIX configuration -- and additionally get the benefit other peoples work on further restricting the targeted applications. Think of it as dropping privileges, only on a system level.

(Log in to post comments)

non C based environments can have problems

Posted Jan 19, 2007 21:43 UTC (Fri) by pvaneynd (subscriber, #898) [Link]

I agree that SELinux is seen as an additional level of security, but some customers would quickly drop the normal unix security 'because SELinux will protect us', much like 'it is ssl encrypted' means that you don't need to pay attention to sql injection problems. Or "we don't need a firewall on the VPN link to our partner, it is encrypted!".

Not that I ever heard comments like that, of course.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds