[OT] SELinux vs. other systems [was Re: [idea] udev + selinux]

Linas Vepstas linas at austin.ibm.com
Thu Sep 2 17:07:34 UTC 2004 

On Thu, Sep 02, 2004 at 10:15:20PM +1000, Russell Coker was heard to remark:
> On Wed, 1 Sep 2004 08:44, Linas Vepstas <linas at austin.ibm.com> wrote:
> > Every now and then, I look at SELinux, and I get scared away by its
> > complexity.  This complexity makes it very hard to audit, and assure
> 
> What auditing are you referring to?  Kernel code, application code, or policy?

policy.
 
> > oneself that its actually providing any real security, as opposed to
> > the illusion of security.  During this email thread, there are
> > references to mysterious rules that neither party in the conversation
> > fully understands; this scares me.
> 
> Which mysterious rules are you referring to?

I wasn't refering to them, the posters to the thread were.  Unfortunately,
I've already deleted those emails.

> labelled as device_t.  This means that there is no window of opportunity for 
> an attacker to access a device before it is correctly labelled.

OK.

Well, here's another idle question, again off-topic: Does SELinux provide 
any sort of assurances that storage media weren't tampered with between
reboots?  

For example, with BIOS/firmware getting more sophisticated over time,
there's potential for an attacker to break in, remotely, into
bios/firmware, shortly before booting into the OS, and then alter 
disk contents.  Yes, I know this is far-fetched, but was just curious.

What got me going on that thread was thinking about udev/hotplug again:
with devices coming and going, disappearing and re-appearing, it isn't
obvious that there wasn't tampering while the device was gone. 

Again, excuse me if this sounds naive, un-informed or far-fetched, 
or terribly off-topic, but: In ye olden days, viruses spread through 
diskettes.   These days, we're plugging-n-playing usb keychains,
cameras, ipods, bluetooth this-n-that; although I haven't heard of 
attacks carried out through these media, its not obivious that these
couldn't be carriers for an attack.

--linas

More information about the selinux mailing list