
Robin Humble <rjh+luv@cita.utoronto.ca> wrote:
I see SELinux as implementing bad practice. If daemons and apps aren't secure on their own, then papering over that with a complex set of empirical behaviour checks isn't really going to help very much. In fact, it's counterproductive, as it hides the real problems while adding complexity (i.e. bugs) and a false sense of security.
No, not at all. I think defence in depth is entirely valid and useful: limiting the damage caused by an exploit through mandatory access controls does not paper over the underlying problem or relieve software authors of the responsibility to write secure applications. It just acknowledges that bugs can occur, and when they do, we need extra layers of protection from the operating system. MAC is just one of those mechanisms, and SELinux a comprehensive implementation of it.
Have there been many (any?) real-world examples of SELinux stopping attacks?
Yes. Red Hat has documented them. There was an article published in which Red Hat noted that a significant proportion of vulnerabilities in Red Hat Enterprise Linux were such that SELinux restrictions would provide real protection.