On Sun, 2005-08-21 at 14:57 -0400, AragonX wrote:
> Well, since SELinux and LIDS both provide ACLs, they offer basically the
> same type of security. I do not believe it's possible or even reasonable
> to have two ACL systems at the same time.

With regard to LIDS vs. SELinux, LIDS meets the "administratively-defined security policy" property of mandatory access control but (last I looked) it lacked the ability to control all processes and objects and to base its security decisions on all security-relevant information. Thus, it couldn't enforce strong confidentiality or integrity properties on the system. It doesn't appear to have been designed to provide a general access control solution suitable for a general purpose OS. SELinux was designed and implemented to be suitable for a general purpose OS and to meet a wide range of security requirements, including the ability to enforce such confidentiality and integrity guarantees.

LIDS isn't upstream (i.e. in the mainline kernel), which has implications for peer review, widespread testing, maintainability, and inclusion in major distros. It has been ported to LSM, which is certainly helpful, but the module itself is still not upstream. SELinux is upstream and has benefited from the wider peer review, testing, in-tree maintenance, and inclusion in distros as a result.

LIDS lacks an extensible security framework for applications, so it doesn't provide the right foundation for building an overall secure system. Failing to consider application security needs is a classic fatal flaw of secure OSes of the past. SELinux provides such a framework, and this framework is already being used by applications in Fedora as well as upstream work on d-bus and X.

LIDS is easier to configure. But what it can provide is much less. SELinux does not yet provide as easy a user interface as LIDS. But don't confuse the user interface with the mechanism. SELinux provides the right mechanism for building a secure system, and one can construct better UIs on top of that mechanism (and work is ongoing in that space). The trick there is providing better UIs without sacrificing the ability to truly leverage the mechanism to its full potential.

-- 
Stephen Smalley
National Security Agency
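The two properties argued over in the thread (an administratively defined, default-deny policy, and an "extensible security framework for applications" such as the D-Bus work mentioned) can be seen in a small model. The code below is an added example for this archived post, not code from the thread, from SELinux or from libselinux: it parses a constructed policy written in SELinux type-enforcement allow-rule syntax, makes access decisions that deny anything the policy does not explicitly grant, and shows a toy userspace object manager (`Bus`, a hypothetical name) that labels its own objects and consults that policy before delivering a message, the way a D-Bus-style service would consult the kernel policy rather than invent its own ACLs. All type names, service names and audit lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample policy in SELinux type-enforcement (TE) allow-rule syntax.
# Anything not explicitly allowed is denied; that default-deny, centrally
# administered property is what distinguishes MAC from per-owner ACLs.
SAMPLE_POLICY = """
# a web server domain may read its own content and talk to the bus daemon
allow httpd_t httpd_content_t:file { read getattr open };
allow httpd_t system_dbusd_t:dbus { send_msg };
# services on the bus are labelled; senders need an explicit rule per target
allow httpd_t logger_service_t:dbus { send_msg };
allow admin_t logger_service_t:dbus { send_msg };
allow admin_t admin_service_t:dbus send_msg;
allow admin_t shadow_t:file { read getattr open write };
"""

# allow <source> <target>:<class> { perm perm ... };  or  ... :<class> perm;
RULE_RE = re.compile(
    r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*(?:\{\s*([^}]*)\}|(\w+))\s*;"
)


def parse_policy(text):
    """Return {(source, target, class): set(perms)} from allow rules.

    '#' comments and blank lines are ignored; an unparseable line raises,
    because silently dropping a rule would change the enforced policy.
    """
    rules = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.fullmatch(line)
        if m is None:
            raise ValueError(f"unparseable rule: {line!r}")
        src, tgt, cls, many, single = m.groups()
        perms = many.split() if many is not None else [single]
        rules[(src, tgt, cls)].update(perms)
    return dict(rules)


def check_access(rules, scontext, tcontext, tclass, perm):
    """Mandatory decision: True only if an explicit rule grants perm."""
    return perm in rules.get((scontext, tcontext, tclass), ())


class Bus:
    """Toy userspace object manager (hypothetical, modelled on D-Bus's
    SELinux support): every registered service carries a label and every
    message is mediated against the shared policy before delivery."""

    def __init__(self, rules):
        self.rules = rules
        self.services = {}  # service name -> type label
        self.audit = []     # constructed AVC-style audit trail

    def register(self, name, label):
        self.services[name] = label

    def send(self, sender_label, dest, method):
        tlabel = self.services.get(dest)
        if tlabel is None:
            return False  # unknown object: nothing to grant against
        ok = check_access(self.rules, sender_label, tlabel, "dbus", "send_msg")
        verdict = "granted" if ok else "denied"
        self.audit.append(
            f"avc: {verdict} {{ send_msg }} scontext={sender_label} "
            f"tcontext={tlabel} tclass=dbus dest={dest} method={method}"
        )
        return ok


def demo():
    """Exercise the model; returns the bus so the audit trail can be inspected."""
    rules = parse_policy(SAMPLE_POLICY)
    bus = Bus(rules)
    bus.register("org.example.Logger", "logger_service_t")
    bus.register("org.example.Admin", "admin_service_t")
    bus.send("httpd_t", "org.example.Logger", "Log")    # granted by policy
    bus.send("httpd_t", "org.example.Admin", "Reboot")  # no rule: denied
    return bus


if __name__ == "__main__":
    for line in demo().audit:
        print(line)
```

The point the model makes is that the application does not keep its own access list: it labels its objects and asks the same policy the kernel enforces, so an administrator's single policy covers both kernel objects (`shadow_t` files) and application objects (bus destinations), and every decision, granted or denied, leaves an audit record.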