User: Password:
Subscribe / Log in / New account

Won't stop rootkits

Won't stop rootkits

Posted Jul 15, 2004 17:43 UTC (Thu) by scripter (subscriber, #2654)
In reply to: Won't stop rootkits by spender
Parent article: Cryptographic signatures on kernel modules

I think your criticism is misdirected. Users require that first, the system must be usable, and second, secure. SELinux made their systems unusable, and if RedHat had left it enabled by default, they would have alienated a lot of users.

Integrating SELinux (even if not enabled by default) was a first step toward people using the system, working out problems, writing rule sets, etc. Without reasonable first steps, we would NEVER get to a secure state of security.

As for signed executables -- of course it's not a be-all end-all security solution. NOTHING IS. But it raises the bar, and that _is_ worthwhile.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds