Re: The price of SELinux (CPU)

From: Bill Davidsen
Date: Wed Oct 05 2005 - 14:39:48 EST

Next message: Al Viro: "Re: what's next for the linux kernel?"
Previous message: Eric W. Biederman: "[PATCH] x86_64: move apic init in init_IRQs (take 2)"
In reply to: Bill Davidsen: "Re: The price of SELinux (CPU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Valdis.Kletnieks@xxxxxx wrote:

On Tue, 04 Oct 2005 14:29:05 EDT, John Richard Moser said:

Aside from this, viruses and spyware and worms can now run rampant and
do what they want to his system, and other users' idiotic actions on a
multi-user system affect him. This is more user friendly? No, I think
it's going in the opposite direction. . . .

Virus writers are users too, you know. :)

And the other users are users as well - what if the other user's "idiotic
action" is to nuke your 500Mbyte archive of alt.binaries.pictures.llama.sex
that's taking up the disk space that is keeping him from running the payroll
software? In your world, rather than him being able to fix the problem, he has
to go find a sysadmin with the root password to fix it, causing delays and
being less friendly....

You seem to be intentionally trying to miss the basic point, which is that
any additional security ends up trading off against other things.

Non-execute stack is a Good Thing security-wise - but it breaks some code,
forcing upgrades and/or having to track down binaries and flag them as
"don't enforce NX stack". And then those binaries are still vulnerable....

SELinux is, in general, also a Good Thing. However, the fact that the policy
restricts what stuff can happen in the security context associated with
mail delivery (after all, you *don't* want arbitrary binaries running then, right?)
did some serious damage to the way I use procmail, which in some cases ended
up running other binaries. OK, so my .procmailrc *is* a 600-line monster that
does a lot of odd stuff - the point was that I had to add even *more* contortions
to the way it works, which is even less user-friendly....

Doesn't everyone have executables in their .procmailrc? Mine starts with a filter which may add one line to the mail header, quantifying exactly how badly it sucks. That's then used to take preemptive action against spam and other stuff I don't wnat or need to see.

That's a lot to give up.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: what's next for the linux kernel?"
Previous message: Eric W. Biederman: "[PATCH] x86_64: move apic init in init_IRQs (take 2)"
In reply to: Bill Davidsen: "Re: The price of SELinux (CPU)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]