On 12/7/10 8:28 PM, Marko Vojinovic wrote:
I think you've missed the point that 'all that stuff' (being traditional unix security mechanisms) are not all that insecure. It is only when you get them wrong that you need to fall back on selinux as a safety net. And if you can't get the simple version right, how can you hope to do it right with something wildly more complicated?
My comment was ironic --- the point is that if you decide you don't need one security layer, why don't you decide that you actually don't need another, and another, and... all of them?
Well, one reason might be that you've used those other standards-ratified layers for decades and the only problems you've ever had were caused by stupid programming. So you don't expect adding another layer of programming that isn't standardized across platforms to solve all your problems.
Disabling SELinux is the same type of decision as disabling the firewall --- it's there to protect you, yet you don't know how to properly configure it and use it, furthermore you don't want to bother to learn, so you simply disable the thing that's getting in your way and preventing you from doing what you want (which is typically very stupid securitywise, but the ignorant don't care anyway...).
Or you might use a hardware firewall platform so you don't have to deal with all the bizarrely different ways every system you touch handles software firewalling.
And I could argue that iptables configuration is at least equally complex as SELinux configuration.
Agreed, and something that equally needs standardization.
So I would expect the admin who disables SELinux by default to also disable the firewall by default --- they both get in your way, especially if you use some 3rd party software that requires both of them to be custom-configured.
No, I would expect the admin who disables SELinux to be managing thousands of machines, many different OS versions, with programs from hundreds of sources running on them, with those hundreds of software sources not catering to the non-standard needs of one particular platform.
But I don't see anyone suggesting that disabling the firewall would be a good idea, so why disable SELinux then? Once you go down the "I don't need this security layer" road, where do you stop, and why?
Anyone who started before SELinux was around is probably quite comfortable without it. And perhaps the same for iptables or software/host-based firewalls, though not firewalling in general.