On Wednesday, September 01, 2010 18:29:13 JB wrote:
> Please feel free to add some thoughts to my modest idea of the future
> concept of security.

Since you are apparently serious about this, let me try to help a little
(remember, you asked for it! :-) ...):

> This is my idea of the new security concept:
> - it should be real-time (operating in the background)

SELinux provides protection in realtime and operates in the background.

> - it should be modular in the sense of traditional small, single function,
> and stand-alone UNIX utilities

SELinux is as modular as the traditional UNIX permissions system and firewall
system. No one can really ask for more than that.

> - it has to be simple to be acceptable and understandable by all sys admins
> and users of UNIX/Linux systems

SELinux is as simple as the standard permissions system. All sysadmins and
Linux users are already familiar with this concept, and should have no trouble
understanding and accepting SELinux.

> - it should be configurable:
> - by sys admin and user (selectively)

Any system-wide configuration is done by root, or delegated by sudo. SELinux is
no different here from any other security system in Linux.

> - at any time

SELinux is configurable in realtime, as much as it is running in realtime.

> - dynamically

I am not sure what you mean by this, because "dynamics" in general refers to
"changing in time", which is already covered above.

> - it should show various diagnostics (alarms) in real-time, but never
> interfere with or prevent a program from execution.

SELinux shows alarms and diagnostics in realtime, and can be configured to run
in permissive mode, thereby never interfering with anything.

That said, I must comment that the "never interfering" idea is very stupid,
because the very first thing a successful attacker would do is to shut down all
alarms and delete all previous ones. So, if your system is not compromised, you
see no alarms. If your system gets compromised, again you see no alarms. In this
state it is quite useless. The idea of a security system is to *actively*
prevent intrusion, not just to detect it and inform the user. A detection-only
system just doesn't make much sense.

> - it should not interfere with / try to undo any present and standard
> UNIX/Linux system security measures

SELinux doesn't interfere with any existing security restrictions, it just adds
new ones.

> - it should be supplementary to existing UNIX/Linux system security

SELinux is supplementary to all previous Linux system security, and also
complementary, because it introduces security measures in places which were not
under control before.

> - it should be self-contained, installable and removable at any time,
> without influencing the system

No serious security system can run entirely in userspace; they are all
implemented in the kernel. Standard UNIX permissions, firewall, SELinux, you
name it. That said, SELinux and the firewall can be enabled/disabled by root on
a whim, while with the permissions system it is far from easy (to disable it one
would need to do a filesystem-wide chmod and chown, while re-enabling it
afterwards is almost impossible).

Bottom line --- as far as I can tell, SELinux satisfies all your requirements,
and has an added benefit that it already exists, so no need to recreate it.

My 2 cents. :-)

HTH, :-)
Marko

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
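The permissive-versus-enforcing distinction Marko draws above, shown as an added example that is not part of the thread: a POSIX shell snippet that reads audit AVC records and separates denials that were actually blocked from denials that were only logged, per source domain. It assumes the kernel writes the permissive= field into AVC records; the sample records, pids, inodes and timestamps are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: tell "logged only" AVC denials
# (permissive=1) apart from denials that were actually blocked (permissive=0).
# Assumes the permissive= field is present in AVC records.

# Constructed sample audit records; pids, inodes and timestamps are made up.
SAMPLE_AVC='type=AVC msg=audit(1283356153.101:201): avc:  denied  { read } for  pid=2201 comm="httpd" name="shadow" dev=sda1 ino=4011 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1283356160.402:202): avc:  denied  { write } for  pid=2201 comm="httpd" name="index.html" dev=sda1 ino=4099 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1283356170.777:203): avc:  denied  { name_connect } for  pid=2305 comm="named" dest=25 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1283356170.777:203): arch=c000003e syscall=42 success=no exit=-13'

# avc_denials MODE RECORDS: print how many "avc: denied" records carry
# permissive=MODE (1 = logged but allowed, 0 = actually blocked).
avc_denials() {
    printf '%s\n' "$2" | awk -v want="permissive=$1" '
        /^type=AVC / && / denied / { for (i = 1; i <= NF; i++) if ($i == want) n++ }
        END { print n + 0 }'
}

# avc_domains RECORDS: one line per source domain with blocked and logged-only
# counts, so an admin can see which services are still detection-only.
avc_domains() {
    printf '%s\n' "$1" | awk '
        /^type=AVC / && / denied / {
            dom = ""; mode = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
                if ($i ~ /^permissive=/) { mode = substr($i, 12) }
            }
            if (mode == "1") logged[dom]++; else blocked[dom]++
            seen[dom] = 1
        }
        END { for (d in seen) printf "%s blocked=%d logged_only=%d\n", d, blocked[d] + 0, logged[d] + 0 }' | sort
}

# detection_only RECORDS: exit 0 when at least one denial was merely logged,
# i.e. some domain is in the "alarm but never interfere" state discussed above.
detection_only() {
    [ "$(avc_denials 1 "$1")" -gt 0 ]
}

avc_domains "$SAMPLE_AVC"
if detection_only "$SAMPLE_AVC"; then
    echo "WARNING: some denials were logged but not enforced"
fi
```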