[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ld.so and LD_PRELOAD

On Saturday, Jun 7, 2003, at 19:47 US/Eastern, Brian May wrote:

Your argument is like the one "My car has {antiskid/ABS brakes, air
bags, etc} so it is OK if I drive more aggressively".

Well, I'd say it's more like saying: It's snowing today, there is some ice on the roads, but I really need to get somewhere. If I had a car with two-rear-wheel drive, no ABS, etc., I'd be stuck missing it. But because the car has four-wheel drive, ABS, air bags, etc., I can go (though slowly and carefully, of course).

It's like saying I'd never run, e.g., a shell server on Windows ME. But with the additional security of a Unix system, I can.

With the additional security of SE-Linux, I can do things that I couldn't do without it.

It's silly to treat security (or safety, for that matter) as an absolute. There is a non-zero risk of a security breach. That risk is increased by running services and decreased by, e.g., pulling the network plug. To decided if you want/can run a service, you compare the risk of security breach with the benefits of running that service.

SELinux decreases the risk of a security breach (at least we hope it does!). Therefor, a reasonable person may choose to run more services. That's not a poor decision. It's a reasonable decision guided by the goal of getting the most out of computing resources by carefully balancing the convenience of additional services against the security risks of the same.

Reply to: