[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ld.so and LD_PRELOAD

On Mon, 9 Jun 2003 19:58, Anthony DeRobertis wrote:
> Well, I'd say it's more like saying: It's snowing today, there is some
> ice on the roads, but I really need to get somewhere. If I had a car
> with two-rear-wheel drive, no ABS, etc., I'd be stuck missing it. But
> because the car has four-wheel drive, ABS, air bags, etc., I can go
> (though slowly and carefully, of course).

Yes, some 4WD owners over-estimate the capabilities of their vehicle (or their 
ability to drive it) and get stuck.  But the same happens with 2WD vehicles, 
I've had a near-miss doing 4WD stuff in a 2WD vehicle, I almost drove a Ford 
Falcon (for the EU people - that's much like a Ford Mondeo but quite a bit 
larger, http://www.ford.com.au will show you pictures) into a river that was 
deep enough to destroy the vehicle. (*)

> SELinux decreases the risk of a security breach (at least we hope it
> does!). Therefor, a reasonable person may choose to run more services.
> That's not a poor decision. It's a reasonable decision guided by the
> goal of getting the most out of computing resources by carefully
> balancing the convenience of additional services against the security
> risks of the same.

Yes.  If you add extra services without adequate consideration then you can 
get yourself into trouble.  But I don't think this is a valid criticism of SE 
Linux.  Home users may offer extra services because of having SE Linux, but 
they should be in a good position to make an informed choice about whether 
their goals exceed their skills.  Corporate sys-admins usually don't get a 
choice, their boss tells them to provide a service regardless of the risk, 
for them SE Linux only has benefits for security.

(*)  I guess this will reveal whether my parents do google searches on me, 
they haven't heard of what almost happened to their car.  ;)

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: