
Re: ld.so and LD_PRELOAD

On 06 Jun 2003 19:23:42 -0400
Anthony DeRobertis <asd@suespammers.org> wrote:
> On Fri, 2003-06-06 at 18:38, Russell Coker wrote:
> > LSM (which SE Linux is built on) does not support permissive controls.  So SE 
> > Linux can only deny operations that would otherwise be permitted by regular 
> > Unix controls.  So for a recommended configuration you can not make it any 
> > more insecure than a standard Linux system no matter what you do.
> Sure you can. When you're deciding if you want to offer some service on a
> box, for example, you weigh the costs, including security, against the
> benefits. If you've installed SELinux, you probably think it provides
> security benefits. So you're going to include it in calculating the
> security costs, which will be less because of it. Thus, you are more
> likely to offer services.
> If it turns out that SELinux doesn't really provide the security bonus
> you thought it did --- either due to a bug or wanton misconfiguration
> --- you have a less secure box than a standard Linux one would have been
> (because you wouldn't have offered the service)

I certainly agree with the sentiment (having witnessed it myself
routinely). However, LSM/SELinux is complex enough that most of the
people who would be affected by this will choose another solution
(grsecurity being the most prevalent, I believe). Those who don't have
the requisite experience necessary to understand that false security is
no security won't likely choose SELinux. I have also witnessed this
happen rarely, though. In those cases, they chose it primarily because
it was the most complex solution they could find.

Frankly, if you can solve that "problem" without removing options to
skilled administrators, you'll have done the world a big favour :)
