[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Attempts at security

Hendrik Sattler <debian@hendrik-sattler.de> writes:

> And everybody gets the SE Linux overhead if he wants or not? 
Which overhead does SE Linux impose to you?

> The current system does not give you perfect security but neither does
> adding SE Linux. Instead, you probably get annoying permission
> problems.
> Name a few guys that really likes to use this on a private machine and some 
> real-life improvements that it brings. Hint: "increased security" is not an 
> argument.

I consider "increased security" a very valid argument. The DAC security
model is quite outdated now and doesn't really match real world security
concerns most workstations are experiencing today!

> Not being able to change the cause to the better doesn't mean to
> introduce a mess to control the result.  And I really hope that Debian
> never considers installing+enabling selinux by default.

IIRC, debian/etch already does already install selinux today without you
even noticing it.

> And always think about the problems that you introduce with such things (and 
> almost all you named have such).

I can assure you that the Debian SELinux gurus do.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: