On Fri, 2007-09-21 at 09:44 +0100, Andy Green wrote: > Somebody in the thread at some point said: > > On Fri, 2007-09-21 at 11:47 +0530, Rahul Sundaram wrote: > >> Ralf Corsepius wrote: > >> > >>> If SELinux was transparently working (Which it doesn't on Fedora on many > >>> situations), nobody would name it "infection". > >> Pretty much every security solution has had a history of such problems. > > Well, then better acknowledge these facts and stop reiterating RH's > > marketing slogans. > > > > Many Fedora users, have had encounters/clashes with SELinux, so at least > > this group of people knows that SELinux has not matured to a stage that > > it is working transparently. We _know_ that SELinux can prevent systems > > from operating, no matter what RH marketing wants to tell us. > > Well "many" is hard to quantify compared to using it for "many with > problems" and the completely silent majority I think we will find, of > "many without problems" nowadays. No disagreement. IMO, it's basically a matter of complexity of an existing installation which causes SELinux to interfere and cause faults - The essential question to answer would be: Why does SELinux cause such breakdown. Fundamental SELinux design flaw? Fedora SELinux policy maintainer oversight? Lack of maturity? I don't know the answers. Probably something inbetween all of them. > > acceptable and usable shape. Still you will find many people who switch > > firewalls off, on certain situations (I do so on my home network's > > clients. My server has them turned on). > > It's obviously up to you how you deal with that, but I strongly believe > that you can't inherently trust machines on any internal network any > more than those outside. Absolutely. It's just that I consider my own network and its users to be sufficiently trustworthy to run these machines without a firewall on each of them enabled. It's actually is quite simple. As always when it comes to security, users need to decide when to compromise between "negligent carelessness" and "paranoia" and to find a suitable compromise with security measure. Some people will want to live in an atomic bunker with filtered air, 2 years of food supply in storage and won't leave their home without an armored guard. Others will want to live naked in a jungle full of poisonous animals and violent warriors around - Most people won't do either ;) It should be up to the user to decide which precautions to take and which risk they want to tolerate. - SELinux, Firewalls, read-only file-systems, encrypted file-systems etc. all are aiming into the same direction. > There was an interesting thread about this on > Full Disclosure the other week with some guy going on about how he would > heroically jump in the way of any foreign "cyber attack" from boxes in > $COUNTRY and lend his powers to repelling it, etc. A guy replied > shortly pointing out that the attack comes from the machine next to you, > not some easily identified foreign box. ACK, the real damaging attacks are caused from inside of a network or the user himself. That's the point where at least I perceive SELinux's most noteworthy achievement to be "self-protection" and "protection against the distro itself misbehaving" - Not protection against external attackers. Ralf