
Re: Attempts at security (was Re: Draft spec for new dpkg "triggers" feature)



On Friday 02 February 2007 13:49, Russell Coker wrote:
> One of the enemies of security in Debian is the fact that every person
> controls their little area and has no requirement to work towards common
> goals (apart from the most obvious ones of making the system work).
>
> This means that instead of having a little cooperation from other
> developers anyone who wants to get a significant change included will have
> to fight hundreds of battles.
>
> SE Linux is a classic example of this.  Debian could have had SE Linux
> support long before Fedora, but instead it gets it long afterwards.
>
> The same battles occur with regard to all the other security measures I
> mentioned (and some others I didn't).  We could make Debian the most secure
> Linux distribution, there are many people who have the skills and the
> interest in doing so.

And everybody gets the SE Linux overhead whether he wants it or not? The current 
system does not give you perfect security but neither does adding SE Linux. 
Instead, you probably get annoying permission problems.
Name a few guys that really like to use this on a private machine and some 
real-life improvements that it brings. Hint: "increased security" is not an 
argument.
Not being able to change the cause for the better doesn't mean to introduce a 
mess to control the result.
And I really hope that Debian never considers installing+enabling selinux by 
default.

> You want features such as exec-shield, well you don't get them - because of
> other people with the same attitude as you.

Please differentiate between things that are pretty much automatic (even when not 
only using Debian packages) and things that you need some days to set up 
correctly (if you ever manage to do so).
And always think about the problems that you introduce with such things (and 
almost all you named have such).

HS


