Ralf Corsepius rc040203@freenet.de wrote:
Sent: Aug 31, 2010 8:43 AM To: users@lists.fedoraproject.org Subject: Re: SELinux
On 08/31/2010 05:32 PM, Bruno Wolff III wrote:
On Wed, Sep 01, 2010 at 00:14:09 +0900, Takehiko Abekeke@gol.com wrote:
;;; sorry other one goes straight to you
Linus is not exactly famous for his ability to understand security concepts. I find the fact your argument is produced by google and cut/paste rather than technical material ... enlightening
Well, please educate me. All I hear from advocates is "more security" without a concrete example. You mentioned the danger of emails get stolen without SELinux. Please give me the scenario. So we can gauge the risk.
If you read email you need selinux. If you read email with a client that fires up plugins to read special content (e.g. html, pdfs, flash) then you really need selinux.
If you use a web browser to view more than a short list of trusted sites, you need selinux.
If you run network services accessible from outside the machine then you need selinux.
If you run binaries from semitrusted groups (this includes most commercial software) then you need selinux.
You don't _need_ SELinux in any such cases.
I disagree, but that is just my nature. If you wander off onto a malware site, you really need SeLinux in that case.
SELinux is aiming at catching malfunctioning/misbehaving programs and _may_ prevent damage in use-cases such as those you list.
However, SELinux also causes mal-functions and prevents applications from operating properly. Semi-educated tweaking SELinux may even cause further damage up to rendering systems completely unusable.
To me this means: If the defaults work, use it. If it doesn't, switch it off, otherwise you might easily shoot yourself into the foot.
If you don't know what you are doing with SeLinux it is very easy to misconfigure it and lock up a system. If you don't know what you are doing, now is the time to ask for help, not trapse off and try it on your own. SeLinux is VERY unforgiving and that is what most people fear about it. Remember, it is a Security system first.
That is why folks are so scared of it. Sort of like the 'big black cave reported to have a big black bear in it.' Bring a flashlight (knowledge) and you are ok. Walk in without one, and you are lunch (and so is your system.)
Yes, you should have SeLinux or some other security system installed on any system that is connected to the Internet. It is the 'big black cave' we all should respect, not fear.
James McKenzie
On 08/31/2010 06:27 PM, James Mckenzie wrote:
Ralf Corsepiusrc040203@freenet.de wrote:
Sent: Aug 31, 2010 8:43 AM To: users@lists.fedoraproject.org Subject: Re: SELinux
On 08/31/2010 05:32 PM, Bruno Wolff III wrote:
On Wed, Sep 01, 2010 at 00:14:09 +0900, Takehiko Abekeke@gol.com wrote:
;;; sorry other one goes straight to you
Linus is not exactly famous for his ability to understand security concepts. I find the fact your argument is produced by google and cut/paste rather than technical material ... enlightening
Well, please educate me. All I hear from advocates is "more security" without a concrete example. You mentioned the danger of emails get stolen without SELinux. Please give me the scenario. So we can gauge the risk.
If you read email you need selinux. If you read email with a client that fires up plugins to read special content (e.g. html, pdfs, flash) then you really need selinux.
If you use a web browser to view more than a short list of trusted sites, you need selinux.
If you run network services accessible from outside the machine then you need selinux.
If you run binaries from semitrusted groups (this includes most commercial software) then you need selinux.
You don't _need_ SELinux in any such cases.
I disagree, but that is just my nature.
I guess you were a helmet and a bullet-proof vest?
SCNR.
If you wander off onto a malware site, you really need SeLinux in that case.
Well, I guess you know that SELinux is only available on Fedora? (Yes it's in other distros kernel's, too, but I am not aware about any other major distro shipping a preconfigured rule-set)
SELinux is aiming at catching malfunctioning/misbehaving programs and _may_ prevent damage in use-cases such as those you list.
However, SELinux also causes mal-functions and prevents applications from operating properly. Semi-educated tweaking SELinux may even cause further damage up to rendering systems completely unusable.
To me this means: If the defaults work, use it. If it doesn't, switch it off, otherwise you might easily shoot yourself into the foot.
If you don't know what you are doing with SeLinux it is very easy to misconfigure it and lock up a system.
That's what I had wanted to express.
If you don't know what you are doing, now is the time to ask for help, not trapse off and try it on your own.
Well, my view is a bit different: SELinux in it's current shape on Fedora is not end-user suitable.
This is not a problem for professional sys-admins, but it is a problem for "home users" and "occasional users".
Ralf
On Tue, 2010-08-31 at 19:30 +0200, Ralf Corsepius wrote:
Well, my view is a bit different: SELinux in it's current shape on Fedora is not end-user suitable.
Really? I haven't found it to get in the way of ordinary user activities, it's rare to see any alert. It might get in the way of newbie admins playing with servers, though.
On 09/01/2010 01:39 PM, Tim wrote:
On Tue, 2010-08-31 at 19:30 +0200, Ralf Corsepius wrote:
Well, my view is a bit different: SELinux in it's current shape on Fedora is not end-user suitable.
Really? I haven't found it to get in the way of ordinary user activities, it's rare to see any alert.
Single user desktop system, without special configuration, I suppose?
That's the only kind of situation SELinux was not immediately causing malfunctions for me.
It might get in the way of newbie admins playing with servers, though.
Not necessarily. No other distro but Fedora currently has SELinux preconfigured and even there things change almost by the day.
Ralf
Tim:
Really? I haven't found it to get in the way of ordinary user activities, it's rare to see any alert.
Ralf Corsepius:
Single user desktop system, without special configuration, I suppose?
No. I configure things, install things, try things out, I even run web servers, and mail servers, without coming a cropper of SELinux.
And ordinary users who just switch on, log in, browse, email, word process, the usual stuff that people who use a computer, rather than play and fiddle around with, shouldn't even be aware that it's there.
Quite some time ago, probably a year or so, I can remember occasionally some update would upset the apple cart, and something would stop working properly. But then the next update would fix it. That's not really much different from any other bug, whether it be a faulty program crashing all by itself, or something getting whacked by SELinux for getting naughty. They crop up from time to time, and most users can't resolve any of them by themselves (i.e. actually repair the bug). They resolve them by updating to repaired packages.
I do see occasional SELinux alerts for things in the background, but they haven't stopped me using the computer, nor even noticeably stopped something else from working. The only ones logged on this laptop are to do with gconf trying to read some configuration files. And the only gconf issue I know of on this laptop is that I can't make the screen saver lock by hitting CTRL+ALT+L. Nothing happens, but that's been an on-again/off-again bug with Linux and my computers over several years. It works on one release, it does nothing on another, it works but stops working if I customise some aspects of gconf...
The last thing I can recall badly breaking, until the next update, was Google Earth. Back in the Fedora 9 vintage.
-
James McKenzie -
Ralf Corsepius -
Tim