Mike McCarty wrote:
Rahul Sundaram wrote:
Mike McCarty wrote:
No, that was not my argument. My argument is that people are
commenting from a position of conjecture. There is no scientific
conclusive study showing that SELinux unarguably improves
security of machines.
There is. SELinux is MAC security framework and is based on scientific
studies over decades which clearly show their advantages. Again read
some of the work at NSA SElinux site.
Mandatory Access Control is not a thing, it is a technique. SELinux
is a thing, which may or may not be a good implementation of MAC.
There is lots of good evidence that SELinux is a good implementation. An
example of this is LSPP and RBAC certification of RHEL 5 based on
SELinux technology. You have zero practical experience with it.
I have already demonstrated that I have looked, I just disagree
with you.
You haven't demonstrated that you looked at any of the research since
you made obviously incorrect speculations about it in your earlier mails.
It is faith that SELinux will survive at all.
This is too broad a statement and speculative to be meaningful.
Erm, ADDING SELinux was an intrusive effort, which is now difficult
to undo.
Nobody claimed it was easy to introduce a fundamental new security
paradigm. You just prove my point that the effort to not install SELinux
libraries offers pretty much no advantage over merely enabling or
disabling it as required.
Rahul