LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Security-Enhanced Fedora Core 2

Security-Enhanced Fedora Core 2

Posted Jan 15, 2004 4:20 UTC (Thu) by brugolsky (subscriber, #28)
Parent article: Security-Enhanced Fedora Core 2

As excited as I am about SELinux in FC2, one needs to recognize that it still isn't going protect one from kernel vulnerabilities, like the recent VM bugs. And X needs to be fixed. Despite all efforts, the weakest link will still be the gullible human in the loop. There is no magic bullet.

The real challenge is going to be to make it at all comprehensible to a desktop user. Some of the policy can be quite subtle, even fragile. A server with a small list of functions presents a relatively static environment for crafting security policy. Perhaps many corporate desktops will also be largely static. But with something like Fedora, the model is one of constant change. Put the finishing touches on a policy and along comes some new application requirement to muck it up. :-)

On the positive side, SELinux is going to greatly enhance the ability to sandbox code, so that browsers browse, mailers send and receive email, and filters filter. The Unix model of very lightweight process creation and IPC can help greatly in this regard -- something that is much more difficult to achieve on other operating systems, even when they are designed with security in mind.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.