SElinux

Matthew Saltzman mjs at ces.clemson.edu
Tue Apr 4 13:16:06 UTC 2006


On Tue, 4 Apr 2006, Mike McCarty wrote:

>
> Bad news: SELinux is *itself* something which reduces security.

Evidence-based claim?  Any SELinux exploits in Bugtraq?  Other 
published expert analysis that backs you up?

> The more code you load, the more exploitable defects get loaded.

Fine as a generalization, but of course, all generalizations are false.
(Reductio ad absurdum: The only truly secure system is the one that never 
got written--zero LOC ==> zero defects.)

I'm not by any means an SEL or security expert.  (Are you?)  But claims 
like this need facts to back them up or they don't end up being very 
persuasive.

> And SELinux isn't small.

This, at least, is empirically verifiable.

>
> Mike
>

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs



