Feedback from Linux users about SELinux.

yersinia yersinia.spiros at gmail.com
Thu Oct 15 07:29:22 UTC 2009


On Wed, Oct 14, 2009 at 5:09 PM, Matthew Ife
<deleriux at airattack-central.com> wrote:
> So, I did a brief unscientific survey regarding SELinux with my
> colleagues. The idea here is to work out what people see wrong or right
> with SELinux and when documentation is done what should our focus or
> priorities be in regards to it?
> To give you a bit of background, respondents are all above average
> technically Linux experienced who work for a hosting company offering
> amongst other things Linux-based solutions of some sort either
> pre-packed or bespoke. All the people I asked have a procedural approach
> to security (not the type of thing tagged onto the end of a project line
> of thinking) and in general are open to security advice.
>
> Attached is the PDF document with the questions I asked - you'll have to
> forgive my decorating abilities!
>
> The questions I asked could be wrong, the people I'm asking might not be
> the "average" sample we could do with and admittedly the sample is way
> too small.
>
> So firstly on with the questions I asked and why I asked them:
>
>> If you installed Fedora regarding SELinux would you
>> a) Disable it on install
>> b) permissive on install
>> c) enforcing on install.
> The point with this question is to really just gauge what these people's
> feelings are with it "out of the box". Do they run it or do they not and
> how does that compare with their ideas for the questions I asked below.
>
>> Why would you choose that option?
> So the idea behind this question was to find out what they liked or
> disliked about SELinux which was enough of a motivator for them to turn
> it on or turn it off or disable it completely.
>
>> Specifically what is SELinux meant to do?
> Really what I wanted to find out here is what the people would consider
> SELinux as being able to achieve for them as well as a brief
> understanding of how much they know about SELinux.
>
>> Out of five, (five being very sufficient, 0 being completely
>> insufficient) where would you put standard UNIX permissions (rwx,
>> setuids and acls) for security on a machine? First for desktops second
>> for servers.
> This question was meant to gauge the person's understanding of DAC and
> how they pit against the current major security threats, i.e. "Do you
> find DAC is sufficient enough for securing your server".
>
>
> From the data this is my analysis but my opinions are pretty biased as I
> already know all these people anyway. I'd love people's feedback.
>
>
> None of the respondents had any insight into the pros/cons of DAC or
> MAC.
> All the respondents saw SELinux as a fine grained access control
> mechanism.
> The more respondents understood about SELinux the more they were likely
> to enable it.
> Currently servers would benefit from SELinux more than Desktops would.
>
>
> So from the very limited feedback I've got I would say:
>
> People's understanding of why MAC in some fashion is necessary is limited
> or nonexistent. There should probably be some good argumentative cases
> for why DAC is not able to adequately contain a security breach or
> threat and what SELinux MAC is ready to do about it. Perhaps a wiki page
> that explains what DAC and MAC is - giving examples, what the current
> security trends and threats are against your systems and what both can /
> cannot do to mitigate them.
>
For the first question this is the classic paper that explains why a
MAC is necessary for an OS -
http://jya.com/paperF1.htm
For the second point this is the "selinux mitigation new" from tresys
http://www.tresys.com/innovation.php

In any case it should be made clear that a MAC-level policy applied to a
web application does not protect the application itself in general, but
the web server / application server / web application in some particular
cases - it depends on the threats (e.g. BOF versus XSS, defacing
versus SQL injection) - but in the first place the operating system that
hosts them. For the issues dealt with by OWASP it is necessary, ALSO, to
have a web application firewall like mod_security. IMHO, the most
prudent approach is to use both mod_security and SELinux.

As regards DoS attacks, MAC may or may not help; it depends.
For example, if there is an application problem for which a certain
sequence of commands can lead to application termination, which should
not happen, the MAC can do little or nothing.

Best Regards
> People envision SELinux as an access control system. Documentation on
> type enforcement (perhaps with examples analogous to DAC) would be
> beneficial.
>
> In addition personally I would say most sysadmins are totally missing
> fundamental security understandings (what is a subject, what is an
> object, what is DAC what is MAC etc) and this means they are unable to
> appreciate what SELinux is trying to accomplish. Also I believe
> sysadmins do not consider containment of a security breach and spend
> much of their effort attempting to prevent it in the first place.
>
> Well, that's probably more than I can prune on the whole thing I've got.
> I might be perhaps looking way too much into the information I have and
> would recommend people make up their own minds based off of the
> information I supplied.
>
> The goal here is to find out what people's vision of SELinux is (either
> right or wrong) and what can be done to help correct it.
>



