Won't stop rootkits
Posted Jul 15, 2004 17:43 UTC (Thu) by scripter
In reply to: Won't stop rootkits
Parent article: Cryptographic signatures on kernel modules
I think your criticism is misdirected. Users require that first, the system must be usable, and second, secure. SELinux made their systems unusable, and if RedHat had left it enabled by default, they would have alienated a lot of users.
Integrating SELinux (even if not enabled by default) was a first step toward people using the system, working out problems, writing rule sets, etc. Without reasonable first steps, we would NEVER get to a secure state of security.
As for signed executables -- of course it's not a be-all end-all security solution. NOTHING IS. But it raises the bar, and that _is_ worthwhile.
to post comments)