[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?

On Thursday 17 January 2008 09:53:59 Valent Turkovic wrote:
> Are you actually saying that SELinux is security silver bullet?
> If you know anything about security you know that there is no silver
> bullet in security is it always a trade off in usability vs. security.

Which we try to mitigate with "permissive" mode.

> A quick googleing showed that security experts see SELinux like a
> backdor and as a problem just waiting to happed, and they suggest

An even quicker search on Google reveals that RHEL5 with SELinux enabled and 
in enforcing mode has top security marks from the NSA, rivaled only by 
TrustedSolaris 10.

> "As a final note, I follow the logic of the grsecurity team, who claim
> that LSM and SELinux are backdoors waiting to happen."

Any program that provides security is a backdoor waiting to happen.  What is 
your point?  SELinux is meant to secure common exploits in other programs, 
such as Apache trying to write to /etc/passwd.  Could SELinux be vulnerable?  
Sure.  So could your keyboard driver.

-- Benjamin Kreuter

Attachment: signature.asc
Description: This is a digitally signed message part.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]