On Thu, Sep 02, 2004 at 10:15:20PM +1000, Russell Coker was heard to remark:
On Wed, 1 Sep 2004 08:44, Linas Vepstas <linas(a)austin.ibm.com>
wrote:
> Every now and then, I look at SELinux, and I get scared away by its
> complexity. This complexity makes it very hard to audit, and assure
What auditing are you referring to? Kernel code, application code, or policy?
policy.
> oneself that its actually providing any real security, as
opposed to
> the illusion of security. During this email thread, there are
> references to mysterious rules that neither party in the conversation
> fully understands; this scares me.
Which mysterious rules are you referring to?
I wasn't refering to them, the posters to the thread were. Unfortunately,
I've already deleted those emails.
labelled as device_t. This means that there is no window of
opportunity for
an attacker to access a device before it is correctly labelled.
OK.
Well, here's another idle question, again off-topic: Does SELinux provide
any sort of assurances that storage media weren't tampered with between
reboots?
For example, with BIOS/firmware getting more sophisticated over time,
there's potential for an attacker to break in, remotely, into
bios/firmware, shortly before booting into the OS, and then alter
disk contents. Yes, I know this is far-fetched, but was just curious.
What got me going on that thread was thinking about udev/hotplug again:
with devices coming and going, disappearing and re-appearing, it isn't
obvious that there wasn't tampering while the device was gone.
Again, excuse me if this sounds naive, un-informed or far-fetched,
or terribly off-topic, but: In ye olden days, viruses spread through
diskettes. These days, we're plugging-n-playing usb keychains,
cameras, ipods, bluetooth this-n-that; although I haven't heard of
attacks carried out through these media, its not obivious that these
couldn't be carriers for an attack.
--linas