On Sat, 2005-11-19 at 14:02, Lamar Owen wrote:
So much for older and simpler is better; why don't we go back to VMS? It's substantially more secure than Linux (the Linux kernel and heritage is not 30 years old, because Linux is not Unix).
The VMS model isn't older and simpler than unix - it is more complex and around the same age.
It is slightly more complex, and demonstrably more secure.
system. People have had a choice between VMS and unix for a long time and VMS found a very small niche of popularity.
I have SIMH under Linux running OpenVMS Hobbyist 7.3 here. It's a fun system.
No, the kernel provides the mechanism of chroot, and has more or less forever. A policy of using it or not is left up to you. Simplicity in the kernel.
This is not unlike the mechanism of SELinux's RBAC/MAC being in the kernel (and not terriby complex; yes, more complex than chroot, but perhaps not as complex as netfilter), but the policy in userland.
The other typical answer to exploits is firewalling: pray tell where that policy is enforced.
The best place is on a separate box from anything that it should be protecting.
Regardless, it's in the kernel on that box, if that box is a linux box. Lots of people use netfilter, and it has not been without its own bugs. And it's pretty complex, and in the kernel.
But kernel versus userspace isn't going to get settled here; this isn't the microkernel-versus-monolithic-kernel mailing list. CentOS has a monolithic kernel that has loaded SELinux code, even if you set SELinux to be off. Netfilter code is in the kernel, whether you setup any iptables or not. The kernel is complex; even if the feature (SELinux) isn't enabled bugs in that code could theoretically get you. So turning it OFF (which isn't really off) versus permissive isn't really much. Otherwise you need to compile a kernel without it completely.
I don't think we're going to find any profound truths on either side of this discussion; I simply have issue with the automatic 'old admin's tales' to turn it off. And I have issue with the mindset of answering a question on a problem an interested user/sysadmin has with SELinux with 'just turn it off. It breaks too many things.' That is wrongthink.