Arthur Pemberton wrote:
On 6/28/07, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote:
[snip]
A machine running current SELinux implementation is provably
less secure in some senses than one which is not.
I don't often agree with Rahul Sundaram, plus I get the feeling that
he doesn't like me. But I can't stand by and have you spreading this
kind of FUD, especially considering that you have admitted to _not_
using SELinux.
No fear. No uncertainty. No doubt. If that's what you meant.
Please show some geek pride and not speak on this matter since by your
own admission you have no recent experience with it.
Furthermore this claim of yours is extremely broad, and baseless.
It is neither of those. If you wish to continue this, please take
it to private e-mail.
I already gave instances published by the US Government which
demonstrate that machines which run SELinux are subject to attacks
which would not otherwise have succeeded. If that's not what is meant
by what I wrote, then I am hereby clarifying what I meant. In SOME
senses, a machine running SELinux is less secure than one which does.
In particular, there are security attacks which a machine without
SELinux will not suffer compromise from, and which a machine
running SELinux will suffer compromise from. These compromises
include password capture, among other things.
That's not fear, it's not uncertain, and it's not in doubt, unless
you think the govt. web sites are unreliable.
[snip]
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!