Les Mikesell wrote:
On Wed, 2005-07-27 at 14:24, Mike McCarty wrote:
[snip]
Since the issue of how the "malware" gets onto my machine
is completely bypassed, I consider the answer given in the
FAQ to be, well, significantly incomplete.
"Unknown vulnerabilities" are a reasonable assumption for any code. Over
the years many have been found and fixed in programs included in
Linux distributions. The most common involve buffer overflows
that allow something sent over the network to be executed
accidentally by a program that was supposed to be doing
something else.
I am aware of the Internet Worm.
And augmenting the answer with "We don't know how it might
get onto your machine" is, IMO, not an adequate answer. It
begs the question.
No, you should expect your software to include bugs. It is
impossible to prove that it doesn't.
Which is precisely the reason for my question. The more
software I introduce into my machine, the more places there
are for exploitable defects.
What I mean is, I ask "Why should I run selinux?" The answer
then seems to be "We don't know, but if you don't, bad things
might happen to your system due to malicious programs."
A better question is why you should not apply the same logic to
the relatively new code in selinux. That is, assuming you
should not completely trust code that has been around for
a long time and has had bugs exposed and fixed may be reasonable,
but then why should you trust selinux not to introduce new bugs
and vulnerabilities of its own?
I made this point in another post at one time, about having
to keep after my engineers (when I was a lead) not to introduce
"features" not in the requirements spec. Just more places
for defects to hide.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!