NSA motives

alex at milivojevic.org alex at milivojevic.org
Tue Jul 5 15:42:56 UTC 2005 

Quoting Stephen Smalley <sds at tycho.nsa.gov>:

> There is quite a bit of work ongoing to help solve that problem
> (understanding and configuring SELinux policies effectively).  SELinux
> doesn't create complexity, it just reveals it and allows you to control
> it.  The SELinux mechanism itself isn't very complex; the complexity
> comes in trying to specify what you want to allow to happen on your
> computing system, because of the highly complex interactions of existing
> software on that system (not because of something added by SELinux).
> Classic case of blaming the messenger - SELinux tells you about all of
> the complex activity on your system and forces you to think about what
> you want to allow to happen, so you blame it for creating complexity tht
> was already there...

Sorry, it wasn't my intention to blame the messanger.  All I wanted to 
say (and
as usually badly expressing myself) was that making system secure is a complex
task.  Simply having SELinux enabled on the system does not make the system
ultimately secure.  Making changes to default policies without fully
understanding what the changes will introduce just makes it even less secure.

Example: On several Linux-end-users type of lists I already saw posters with
good intentions giving advice to include this or that rules into the policy to
solve various problems, just to have other people screeming in replies that
those including such rules into their policy could just as well disable 
SELinux
completely with about the same effects.

If somebody Googles around to find solution to the specific problem and finds
advice to do "chmod -R a+rw /", (s)he is not likely to actually do it.  On the
other hand, there is many more people that will include some random set of
rules into their SELinux policy, giving application(s) way more access then
they really need.  Nothing to do with SELinux as such, and it would be 
wrong to
blame it.  But rather with human nature (which is the weakest link of any
security system).

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the selinux mailing list