On 06 Jun 2003 19:23:42 -0400 Anthony DeRobertis <asd@suespammers.org> wrote: > On Fri, 2003-06-06 at 18:38, Russell Coker wrote: > > > LSM (which SE Linux is built on) does not support permissive controls. So SE > > Linux can only deny operations that would otherwise be permitted by regular > > Unix controls. So for a recommended configuration you can not make it any > > more insecure than a standard Linux system no matter what you do. > > Sure you can. When you're deciding if you want offer some service on a > box, for example, you weight the costs, including security, against the > benefits. If you've installed SELinux, you probably think it provides > security benefits. So you're going to include it in calculating the > security costs, which will be less because of it. Thus, you are more > likely to offer services. > > If it turns out that SELinux doesn't really provide the security bonus > you thought it did --- either due to a bug or wanton misconfiguration > --- you have a less secure box than a standard Linux one would of been > (because you wouldn't of offered the service) I certainly agree with the sentiment (having witnessed it myself routinely). However, LSM/SELinux is complex enough that most of the people who would be affected by this will choose another solution (grsecurity being the most prelevant, I believe). Those who don't have the requisite experience necessary to understand that false security is no security won't likely choose SELinux. I have also witnessed this happen rarely, though. In those cases, they chose it primarily because it was the most complex solution they could find. Frankly, if you can solve that "problem" without removing options to skilled administrators, you'll have done the world a big favour :)
Attachment:
pgpbCk9IFd6md.pgp
Description: PGP signature