
On Tue, 10 Sep 2013, Robin Humble <rjh+luv@cita.utoronto.ca> wrote:
> ...it didn't really, but... is anyone still a selinux fanboi after the recent NSA revelations?
Yes.
> if so then (Russell, I'm looking at you :-) why are you still confident selinux is a good thing and not just something designed to be so complex or so subtly buggy that the NSA can hide backdoors in it?
http://etbe.coker.com.au/2013/07/23/security-is-impossible/
Firstly I've written some general thoughts about security at the above URL. Next, if the NSA wanted to put some hostile code in the kernel then surely they would use a random gmail account to submit patches and not do anything bad under their own name. The so-called "revelations" aren't anything particularly exciting anyway. They merely confirm that some parts of the NSA recently started doing things that lots of people expected them to have been doing since the 90's.
> there's already been one CVE where only those running selinux are vulnerable https://bugzilla.redhat.com/show_bug.cgi?id=517830 which at the time made me very happy I'd turned selinux off.
That was a theoretical vulnerability. Exploiting that relied on the presence of other buggy code that could be exploited; I don't recall any examples of such code being cited.
> Android 4.3 has started using selinux. do we really trust android vendors to be on top of complex selinux configs or would we be better off with it err, off?
Given that Android systems tend to run for years without updates I think we want as many layers of security as possible.
> (yes, I've had a few and yes, this is a troll, but I'd still like to know if anyone's ever fully read and understood the implications of every distro selinux rule and every selinux line in the kernel - giving unaudited power to 3 letter agencies is not a sane way forward...)
Apart from a few exceptions the SE Linux design is based on a default of deny and also is secondary to Unix permissions. SE Linux permits things that Unix permissions permit if there are specific rules for it. It's more difficult to go wrong with that sort of design.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
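
The decision order described in the reply above, as an added example that is not part of the original thread: a simplified Python model in which a type-enforcement `allow` rule is consulted only after the Unix permission check passes, and a missing rule means deny. The policy fragment, UIDs and file modes are constructed, and the model ignores the exceptions the post mentions, group bits and capabilities.

```python
import re

# Constructed policy fragment in SELinux "allow" rule syntax (sample data).
POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append open };
"""
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s*\{([^}]*)\}\s*;")
DAC_BIT = {"read": 4, "write": 2, "append": 2}  # rwx bit needed per request


def load_rules(text):
    """Parse allow rules into {(source_type, target_type, class): perms}."""
    rules = {}
    for src, tgt, cls, perms in RULE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules


def dac_permits(uid, obj, perm):
    """Simplified Unix check: root passes, else owner or 'other' mode bits."""
    if uid == 0:
        return True
    shift = 6 if uid == obj["uid"] else 0
    return bool((obj["mode"] >> shift) & DAC_BIT[perm])


def access(rules, proc, obj, perm):
    """Return (allowed, deciding_layer); the policy is asked only after DAC."""
    if not dac_permits(proc["uid"], obj, perm):
        return False, "dac"        # an allow rule cannot override this
    if perm not in rules.get((proc["type"], obj["type"], "file"), set()):
        return False, "selinux"    # no matching rule: default deny
    return True, "ok"


if __name__ == "__main__":
    rules = load_rules(POLICY)
    web = {"uid": 48, "type": "httpd_t"}
    rooted = {"uid": 0, "type": "httpd_t"}   # daemon running as root
    page = {"uid": 0, "mode": 0o644, "type": "httpd_sys_content_t"}
    shadow = {"uid": 0, "mode": 0o600, "type": "shadow_t"}
    for name, args in [("web reads page", (rules, web, page, "read")),
                       ("root httpd_t reads shadow", (rules, rooted, shadow, "read")),
                       ("web writes page", (rules, web, page, "write")),
                       ("empty policy", ({}, web, page, "read"))]:
        print(name, access(*args))
```

The empty-policy case shows the fail-closed property: a rule that was never written denies access instead of granting it.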