10 Sep
2013
10 Sep
'13
2:36 a.m.
Trent W. Buck <trentbuck@gmail.com> wrote:
Robin Humble <rjh+luv@cita.utoronto.ca> writes:
Android 4.3 has started using selinux. do we really trust android vendors to be on top of complex selinux configs or would we be better off with it err, off?
If you're running Frobozz distro and you don't trust Frobozz, Inc. to get security right, maybe you should pick a different distro.
Agreed. further, turning SELinux off is going to make security worse, because in that case no mandatory access controls are applied at all. Even if there's a bug in a policy that permits an operation which should not be allowed, the policy is still going to prevent numerous other potentially undesirable accesses.