Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 24 Apr 2006, Serge E. Hallyn wrote:

Quoting Alan Cox ([email protected]):
Thus this sort of stuff needs to be taken seriously. Can SuSE provide a
good reliable policy for AppArmour to people, can Red Hat do the same
with SELinux ?

That's a little more than half the question.  The other 40% is can users
write good policies.

I think it will, and already has, become easier for selinux.  But in
this case I wonder whether some sort of contest could be beneficial.  We
all know of Russel Coker's open root selinux play machines.  That's a
powerful statement.  Things I'd like to see in addition are

One key difference between SELinux and AppArmor is that AA is _not_ designed to protect against the actions of root, it's designed to block attacks that would let someone become root.

becouse of this strategy it's far simpler to configure becouse you do not have to do all the work to control root. This also limits what it can defend against, and so it's not 'perfect security' (and after all there is only one way to get 'perfect security' http://www.ranum.com/security/computer_security/papers/a1-firewall/ ), but AA is still a useful tool.

the 'hard shell, soft center' approach isn't as secure as 'full hardening' (assuming that both are properly implemented), but the fact that it's far easier to understand and configure the hard shell means that it's also far more likly to be implemented properly.

remember that it's not really a matter of people deciding not to write SELinux policies and instead do AA, it's a matter of people deciding to use AA instead of doing nothing.

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux