Re: ld.so and LD_PRELOAD
On Fri, Jun 06, 2003 at 07:23:42PM -0400, Anthony DeRobertis wrote:
> Sure you can. When you're deciding if you want offer some service on a
> box, for example, you weight the costs, including security, against the
> benefits. If you've installed SELinux, you probably think it provides
> security benefits. So you're going to include it in calculating the
> security costs, which will be less because of it. Thus, you are more
> likely to offer services.
>
> If it turns out that SELinux doesn't really provide the security bonus
> you thought it did --- either due to a bug or wanton misconfiguration
> --- you have a less secure box than a standard Linux one would of been
> (because you wouldn't of offered the service)
Running more services on a computer just because you are using SE-Linux,
is, IMHO a poor argument. SE-Linux isn't a complete security solution in
itself, it simply is a tool that can be used, and combined with other
security mechanisms to make your computer more secure.
Your argument is like the one "My car has {antiskid/ABS brakes, air
bags, etc} so it is OK if I drive more aggressively".
Both are similar in that just having the better technology does not
excuse making poor decisions elsewhere.
--
Brian May <bam@debian.org>
Reply to: