On Mon, 2006-04-03 at 10:25 +0200, Eugen Leitl wrote:
> On Mon, Apr 03, 2006 at 12:34:07AM -0700, Craig White wrote:
>
> > if Windows exploits are any indication, it is primarily desktop systems
> > which are the target for malware that infects the system for nefarious
>
> No disagreement.
>
> > purposes. Why? Because the users are often not knowledgeable, run with
> > elevated privileges, travel to web sites that attempt every conceivable
> > exploit in a plethora of scripting languages, etc.
>
> Yes. But more packages -- more opportunities for SELinux/RSBAC/grsecurity
> to break your system. If a user has to choose between a secure or a functional
> system, he will choose the one that works.
>
> > The policy updates from Fedora have been frequent and are automatically
> > installed/applied
>
> Empirically, I had SELinux breaking services on my desktop. It is
> hard enough to keep the system running in Fedora Core land as it is.
> No need to extra handicap.
>
> It is reasonable for a sysadmin to craft and review security policy
> on a stable (=static) server with few packages installed and few
> services offered. Especially, if you're paid to do it.
>
> Trying to do this on a rapidly evolving desktop with a rich set
> of packages, most of them pulled in from a dozen of depositories
> run by people with not very high stability standards (FC is bleeding
> edge, after all) is a) not something most people enjoy b) takes
> more time than most people have, especially if it's a hobby.
----
I guess it's a throw out the baby with the bathwater thing.

What you call 'break your system' really is nothing more than SELinux blocking attempts by programs to accomplish tasks which they would have no problem doing if SELinux were set to 'off' or at least 'permissive' mode. That seems to be an overreaction.

Yes, it does require some effort on the user's part to remove the SELinux 'block'.

Yes, life is simpler for a user to simply set SELinux to 'off' or 'permissive'.

I would submit that Microsoft Windows offers a simpler environment for the user where security is less.

If by extension, the goal is to provide an easier Linux system for the user to use, why wouldn't he just log in as root? It sure would make things easier for udev if users logged in as root. Why quit there? Why not simply do '/sbin/service iptables stop'?

The real problem that I see with SELinux is the use of language tokens which aren't natural language which on the surface makes it appear overly complex.

Craig