LCA: Bruce Schneier on the two sides of security
Posted Feb 13, 2008 13:39 UTC (Wed) by ekj
Parent article: LCA: Bruce Schneier on the two sides of security
SELinux is a bad example.
I, like most sysadmins I know, have been turning it off. But not for any reason of irrational fear like you suggest, but rather precisely for the reason one should do it, according to the Schneier you quote: For many people it just plain isn't worth it.
I assume I'm some uncertain amount safer when I have it turned on, hard to say precisely how much, but it'll certainly have some positive effect, prevent some types of attack from succeeding.
But I -KNOW- from personal first hand experience that:
- It is complex. Complexity is -bad- for security.
- I don't understand it. Not even after having spent probably a week specifically trying to understand it. Possibly, I'm just stupid, but that's the way it is.
- It takes a lot of time to configure it correctly for any non-trivial setting.
- Having it turned on causes a lot of headaches with stuff that otherwise "just works".
Put differently: The COST of running with SELinux is known and HIGH. The benefit is unknown, but assumed moderately positive. Not enough positive to defend turning it on though.
Being more secure does not help if the added work is MORE than the gain in security. I don't use SELinux for the same reason I wouldn't support banning all airplanes; both would probably improve security, but the cost is too high.