Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 18:58 UTC (Fri) by gmaxwell (guest, #30048)
In reply to: Walsh: Cool things with SELinux... Introducing sandbox -X by PaXTeam
Parent article: Walsh: Cool things with SELinux... Introducing sandbox -X

So... I should use PAX: Because it is completely and totally unexploitable, and even in the face of user error it remains absolutely secure. Unlike this silly sandbox stuff that only provides greatly increased security against a large portion of possible attacks, and not absolute security like PaX. Did I get that right?

Come on Nothing provides complete security. The sandbox will reduce the exposed surface in a couple of ways, and totally shut down attacks without a kernel or sandbox compromising component. It may even insulate against some kernel attacks by not permitting the required syscalls, though protecting against kernel flaws isn't the stated purpose of the sandbox.

If anyone actually here was confused into thinking that this solved all security problems pointing out that it didn't would be helpful... but things like "when the entire premise of this sandbox is obviously false, i think that's quite a relevant point. unless you don't actually care about security, that is." make you sound like someone completely lacking perspective.

to post comments

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 23:27 UTC (Fri) by PaXTeam (guest, #24616) [Link]

> Did I get that right?

no you didn't. PaX doesn't protect you against all kernel bugs, only a few specific classes of them. not sure how all this is relevant here though as i wasn't talking about it at all, not to mention that the purpose of PaX is to protect against remote attacks, not local ones.

> The sandbox will reduce the exposed surface in a couple of ways

is it trivially circumventible or not by the assumed attacker? the answer to this question will tell you how useful it is, that's all i wanted to point out. as for lacking perspective, you are free to make your most trusted personal box available to the entire internet and see how fast it gets compromised and your precious secrets leaked. not so keen on doing it? then why are you suggesting guillable users the same?