SELinux

Posted Oct 21, 2009 4:11 UTC (Wed) by njs (guest, #40338)
In reply to: SELinux by spender
Parent article: LPC: Three sessions from the security track

Well, okay. Now look at the first half of my sentence, and the surrounding context. I said SELinux is *for* locking down stuff further than it would be otherwise (giving the firefox example as a clarification on what this meant), as part of explaining the difference between it and PolicyKit to someone who was confused on this basic point.

We both know perfectly well that what I described is a design goal for SELinux -- and that's true quite independently of whether this is a useful goal, and whether or not SELinux actually accomplishes it.

Now, absolutely, I was a bit lazy -- I could, maybe should, have gone further and pointed out that SELinux was far from a panacea. Arguably people are so commonly confused about what to expect from "security" code that we have a responsibility not to mislead them further, even by omission. And if you'd called me on that, then I'd have agreed and we'd go on our way, having made the world a slightly better place.

Calling me "wrong, wrong, wrong" and assuming that if I didn't bring up this tangential point then I must be completely ignorant -- that's a little different!

Yes, I really have read your posts here before and understand what you're saying. What I'm trying to say is that 1) I basically *agree* with all the factual/technical content you're trying to get out there; if anything, I'm on your side, but 2) you argue in such grating ways, mixing some excellent points with so much dishonest rhetoric, irrelevant grudges, and derailing of other discussions onto your hobbyhorses, that I'd rather not engage with you myself, and have perfect sympathy for kernel developers who ignore you.

The end result looks almost like a loop where you rant and rave about how no-one listens to you, everyone else goes "uh, maybe he has some points but I'm not sticking around to find out", and then this proves that no-one listens to you and confirms your misunderstood genius cred. If that works for you, great, but leave me out of it. We've all been misunderstood -- heck, Linus slanders some of my work on a pretty regular basis -- but if our goal is to actually accomplish stuff then we just ignore it and do our best to make progress anyway with the hand we're dealt. (The irony is that doing this is what *actually* convinces bystanders that we're awesome, in a way that explaining how those idiots don't appreciate our work does not.)


SELinux

Posted Oct 21, 2009 6:04 UTC (Wed) by dlang (✭ supporter ✭, #313)

I am not frequently in agreement with spender, but SELinux has been advertised as being able to block things like deleting home directories (in fact IIRC, when I first heard of it, it was with "here is the root password to a system that's reachable on the Internet, because it's running SELinux you can't hurt it.")

SELinux

Posted Oct 22, 2009 0:05 UTC (Thu) by nix (subscriber, #2304)

What happened to that machine? Is it still root-exposed to the net? :)

SELinux

Posted Oct 22, 2009 1:44 UTC (Thu) by njs (guest, #40338)

It's here (and has been since 2002):
http://www.coker.com.au/selinux/play.html

And was online as recently as February:
http://etbe.coker.com.au/2009/02/17/lenny-play-machine-on...

Though I'm getting "no route to host" right now -- perhaps because it is getting warm again in Australia :-) (see last link)

SELinux

Posted Oct 21, 2009 13:21 UTC (Wed) by spender (subscriber, #23067)

What I did was quote a sentence of what you wrote, which no amount of context could have made true. You were very explicit in what you wrote, and that is what my comment of "wrong, wrong, wrong" was explicitly directed toward. If you had left that part out, I would have had no real objection to your post.

SELinux in general improves security by reducing attack surface.
SELinux (with proper policy) prevents applications from shooting themselves in the foot.
SELinux can increase required exploit complexity.
All of these statements I have no problem with.

It's the:
Here's the root password to my SELinux-protected machine, you can't compromise it.
SELinux can guarantee firefox can't delete your home directory, even in the presence of a skilled attacker.
First two panels of the following: http://grsecurity.net/~spender/mac_security_sesamestreet.jpg (from http://magazine.redhat.com/2007/05/04/whats-new-in-selinu...)

that I take issue with, and will continue to point out when I see it. I wrote a section of our Wiki (http://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System#L...) that puts the information up front (it's the first thing after describing what the RBAC system is) that we plan to update soon with more of a historical lesson of the environment from which access control systems and models originated, how the problem being solved at the time was curbing the problem of careless (specifically, not malicious -- they were considered trusted) administrators.

It was about people control, not program control. Modern day threats like determined/skilled/funded attackers or even modern networking weren't even part of the picture. Any time networking was discussed, it involved private, trusted networks where all machines involved were protected under the same security model. Clearly the Internet is not such a network.

So what you see from people who drink the kool-aid of these old security models and concepts is erroneous extrapolation to a modern environment that these things they hold in such high regard weren't even designed for. It's this kind of misguided illusion that I've been trying to inject doses of reality in for some years now.

As for actually accomplishing stuff, we spend a lot more time doing it than we do talking about it (for instance, I only recently wrote a list of what we developed over the past couple months: http://grsecurity.net/news.php#develup) but that doesn't have anything to do with the original discussion.

-Brad

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds