Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: SElinux
From: Matthew Saltzman <mjs@xxxxxxxxxxxxxxx>
Date: Tue, 4 Apr 2006 09:16:06 -0400 (EDT)
In-reply-to: <4432181F.3050800@xxxxxxxxxxxxx>
References: <442F144D.1010601@xxxxxxxxx> <1143936629.1432.77.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <f84880b00604011748y7b392311q8a48976f84213c5a@xxxxxxxxxxxxxx> <1143947511.1432.105.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.64.0604020605390.25662@xxxxxxxxxxx> <1143990250.7569.40.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1143992064.2878.12.camel@xxxxxxxxxxxxxxxxxxxx> <1143993947.7569.64.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <a937d2190604021608u47f26aw2a60f8093a8ad298@xxxxxxxxxxxxxx> <20060403072156.GP31486@xxxxxxxxx> <1144049647.19913.8.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <e0qm9g$fq7$1@xxxxxxxxxxxxx> <Pine.SOC.4.61.0604031343330.12526@xxxxxxxxxxxxxxxxxxxxx> <4432181F.3050800@xxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Tue, 4 Apr 2006, Mike McCarty wrote:


Bad news: SELinux is *itself* something which reduces security.

Evidence-based claim? Any SELinux exploits in Bugtraq? Otherpublished expert analysis that backs you up?

The more code you load, the more exploitable defects get loaded.


Fine as a generalization, but of course, all generalizations are false.

(Reductio ad absurdum: The only truly secure system is the one that nevergot written--zero LOC ==> zero defects.)

I'm not by any means an SEL or security expert. (Are you?) But claimslike this need facts to back them up or they don't end up being verypersuasive.

And SELinux isn't small.


This, at least, is empirically verifiable.


Mike


--
		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

References:
- SElinux
  - From: Caser
- Re: SElinux
  - From: Craig White
- Re: SElinux
  - From: Kam Leo
- Re: SElinux
  - From: Craig White
- Re: SElinux
  - From: Benjamin Franz
- Re: SElinux
  - From: Craig White
- Re: SElinux
  - From: Tim
- Re: SElinux
  - From: Craig White
- Re: SElinux
  - From: Jacques B.
- Re: SElinux
  - From: Eugen Leitl
- Re: SElinux
  - From: Craig White
- Re: SElinux
  - From: Robert Nichols
- Re: SElinux
  - From: Matthew Saltzman
- Re: SElinux
  - From: Mike McCarty

Prev by Date: Re: Photo Album under FC-5 ?
Next by Date: Re: SElinux
Previous by thread: Re: SElinux
Next by thread: Re: SElinux
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]