On Wed, 2005-07-13 at 14:05 -0500, Les Mikesell wrote: > On Wed, 2005-07-13 at 13:22, Paul Howarth wrote: > > > My point was that there's no way of knowing what undiscovered > > vulnerabilities there are on your system, so having multiple layers of > > defences such as firewalls, mounting /var and /tmp partitions with > > noexec, selinux etc. all help to mitigate the risk. > > And the counterpoint to that is that we (most of us anyway) also > don't know what new problems selinux creates as it tries to > solve the old well known ones. Why is it that you accept on > faith that adding new code in the form of selinux is an improvement > while recognizing that you don't know about undiscovered vulnerabilities > in code that has been around for ages and has already had the obvious > things fixed? Of course there's the risk that there may be additional vulnerabilities introduced through the installation and use of SELinux. I just think that the benefits in terms of reduced risk from other vulnerabilities that may not be exploited in an SELinux environment outweigh the risks of the additional vulnerabilities being present. Other people may take a different view. In the end I just treat it as another layer of defence; I'm not thinking of SELinux as a magic bullet or something to replace other defences. I also try not to wear a tinfoil hat. There's a trade-off between security and usability and everyone needs to find a point where they're comfortable with the trade-offs they're making. I don't overly worry about cookies for instance; they serve a useful purpose for me. Other people clearly don't feel comfortable with them, and that's fine too if they're happy with the usability they're left with. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>