Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

On Maw, 2006-04-18 at 09:50 -0700, Gerrit Huizenga wrote:
> > [1] http://www.ranum.com/security/computer_security/editorials/dumb/
> 
> Interesting but I'm not impressed by the article.  I think Stephen's

Its really a quick summary of ideas, and you need to read other stuff
beyond it to treat it as more than a "wakey wakey" piece. I'd also
suggest reading Ross Andersons work on the economics of computer
security if you haven't already.

> machine, these two approaches start to converge.  In the end it always
> comes down to "how much security are you prepared to endure, given
> that security almost always limits user capability".

You need to define "you" in the above to start with. Thats very
important in the sense that SELinux is capable of protecting systems
from their users to an extent (users are remarkably resourceful little
critters). The big goal in the Fedora case is that users don't notice
the security. 

> or are there places where a "less than perfect, easy to use, good enough"
> security policy?  I believe there is room for both based on the end
> users' needs and desires.  But that is just my opinion.

Poor security systems lead to less security than no security because it
lulls people into a false sense of security. Someone who knows their
house is insecure doesn't keep valuable items in it. Someone who thinks
their house is secure but it is not increases the risk not decreases it.

Doing good security is hard, and it does need to be from a "default
deny" basis. Ask anyone at IBM who remembers the default PATH starting
"." in AIX. Removing that was a move from default allow to default deny.
Nobody today would consider it anything but sane. Ditto the default
firewall on most Linux distros is 'default deny', something I did from
day one with Lokkit.

A security system that merely looks good is as useful as a database that
looks pretty but doesn't always store the data you asked it to, and
probably more dangerous.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: "Bernhard R. Link" <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: "Serge E. Hallyn" <[email protected]>

• References:
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Gerrit Huizenga <[email protected]>

• Prev by Date: Re: [RFC: 2.6 patch] net/netlink/: possible cleanups
• Next by Date: [PATCH] -mm: make pmtmr_ioport __read_mostly
• Previous by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
• Next by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]