Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Llu, 2006-04-24 at 07:56 -0500, Serge E. Hallyn wrote:
> By the way, this is predicated on the assumption that the broken
> security will cause the user to expose more data.  However in many cases
> these days, that is sadly not the case.  Amazon will store my cc data
> regardless whether they are running selinux, apparmor, or nothing.

There I disagree. They will store your CC data in a manner that is held
to be reasonable depending on the technology and risk. If "nothing" was
the security available (eg if the US had won the Bernstein case) then
you'd be phoning them to complete your order versus using https://

They are constrained by economic pressures not to screw up, strongly
amplified by the size of the class action lawsuit if their security
policy was found by most experts to be inadequate (ie negligent).

For end users the threat is probably loss of credit cards, pay pal and
other accounts for the moment, plus being used for zombie attacks. At
the moment nobody knows where the 'negligence' line is for not
maintaining your PC systems securely and as a result harming others.

The theoretical bad case is someone with more a militaristic agenda
deciding it would be fun to irrevocably lock every hard disk on every
computer in a US locale.

Thus this sort of stuff needs to be taken seriously. Can SuSE provide a
good reliable policy for AppArmour to people, can Red Hat do the same
with SELinux ?

Note I don't care about whether apparmour is integrated. If the code is
good and it can be shown it works then fine.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux