[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?



On Thursday 17 January 2008 09:53:59 Valent Turkovic wrote:
> Are you actually saying that SELinux is security silver bullet?
> If you know anything about security you know that there is no silver
> bullet in security is it always a trade off in usability vs. security.
>

Which we try to mitigate with "permissive" mode.

> A quick googleing showed that security experts see SELinux like a
> backdor and as a problem just waiting to happed, and they suggest
> UNINSTALLING SElinux!

An even quicker search on Google reveals that RHEL5 with SELinux enabled and 
in enforcing mode has top security marks from the NSA, rivaled only by 
TrustedSolaris 10.

> "As a final note, I follow the logic of the grsecurity team, who claim
> that LSM and SELinux are backdoors waiting to happen."
>

Any program that provides security is a backdoor waiting to happen.  What is 
your point?  SELinux is meant to secure common exploits in other programs, 
such as Apache trying to write to /etc/passwd.  Could SELinux be vulnerable?  
Sure.  So could your keyboard driver.

-- Benjamin Kreuter

Attachment: signature.asc
Description: This is a digitally signed message part.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]