Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7]implementation of LSM hooks)

[Stephen Smalley]

On Mon, 2006-04-24 at 09:04 -0500, Serge E. Hallyn wrote:
> Quoting Alan Cox (alan@xxxxxxxxxxxxxxxxxxx):
> > Thus this sort of stuff needs to be taken seriously. Can SuSE provide a
> > good reliable policy for AppArmour to people, can Red Hat do the same
> > with SELinux ?
> 
> That's a little more than half the question.  The other 40% is can users
> write good policies.
> 
> I think it will, and already has, become easier for selinux.  But in
> this case I wonder whether some sort of contest could be beneficial.  We
> all know of Russel Coker's open root selinux play machines.  That's a
> powerful statement.  Things I'd like to see in addition are
> 
> 	a. a similar setup with apparmour
> 	b. a similar setup where "mere mortals" set up the selinux policy
> 
> For the first few rounds, rather than judge one way or the other, we
> could hopefully publish the results in a way to encourage a flurry of
> selinux policy tools - one of which may actually be useful.

Personally, I view such contests or challenge machines as meaningless.
At best, they can only show the presence of a flaw, never that the
system is "secure".  And the people most capable of breaking such
systems are not likely to go near such a play machine knowingly.  The
SELinux play machines were nice from an educational point of view,
allowing people to experiment with a SELinux system without needing to
install and set it up themselves, particularly in the days when SELinux
was not integrated into any distro.  But as a meaningful measure of
security, such contests or challenge/play machines aren't really useful.

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/