SELinux - a call for end-of-life.

JB jb.1234abcd at gmail.com
Wed Sep 1 12:35:14 UTC 2010


Hi,

SELinux is a bad thing, concept- and design-wise.
It should be stopped now - it is a waste of resources, a blind alley.
The Linux community should stop receiving "gifts" (trojan horses) of that
nature.

There is no point in maintaining a SELinux-like monster that is on purpose so
complicated that it excludes all kinds of "intruders", be it sys admins or
users.
It met rejection by many sys admins and users, thus defeating its own purpose
to secure our systems.

You hear:
... we are here to help you ... we will just provide all rules for you ...
... "relabel" the system (all you have to do is to reboot your machine)...
... you do not have to do anything ... just accept it ... Do not worry, be
happy! ...

This idea is so sick; any real sys admin wants to know her machine inside out,
it is the essence of her job, and to offer her a tool that she had better
not touch is preposterous. Many users want to have that knowledge too.
It is also against the free and open software ideals on which the Linux
community was built.

The "Relabel on next reboot" is a major design flaw.
  "Select if you wish to relabel then entire file system on next
  reboot. Relabeling can take a very long time, depending
  on the size of the system. If you are changing policy types
  or going from disabled to enforcing, a relabel is required."
It is so stupid. A cry to heaven.
The future is to do away with system restarts:
- due to kernel update (this is almost done with e.g. kexec in Linux)
- due to other system or application software updates
- due to SELinux-like system "relabeling"
- any other updates

The top brass of the Linux community has by now a lifetime of experience of "what
works and what does not" and should be capable of initiating and rethinking
a new framework for security, for the community and not against it.
It will have the valuable support of that community.
Smart people, but sharing a common vision, should dedicate their brain and time
to it, instead of trying to maintain flawed and impractical software.
They should build a small group (in the background, far from "noise", far from
other "influences") to tackle a new concept of it.
Then selectively enlarge participation to others and the Linux community.

This is my idea of the new security concept:
- it should be real-time (operating in the background)
- it should be modular in the sense of traditional small, single function, and
  stand-alone UNIX utilities
- it has to be simple to be acceptable and understandable by all sys admins and
  users of UNIX/Linux systems
- it should be configurable:
    - by sys admin and user (selectively)
    - at any time
    - dynamically
- it should show various diagnostics (alarms) in real-time, but never interfere
  with or prevent a program from execution.
  At least that should be a default behavior.
- it should not interfere with / try to undo any present and standard
  UNIX/Linux system security measures
- it should be supplementary to existing UNIX/Linux system security
- it should be self-contained, installable and removable at any time, without
  influencing the system

I am sure others will add to and extend it, but in the spirit of improvement.
JB