On Sunday, November 28, 2010 10:39:22 am Bob McConnell wrote:
> Maybe not, but the risks should be evaluated on a case by case basis. I don't believe it can be considered a panacea either. Even with SE in full protected mode, a simple SQL injection flaw can still expose much of the sensitive data on your server.
That's when something like SEPostgreSQL can help. Yeah, SELinux controls in the database itself. See http://wiki.postgresql.org/wiki/SEPostgreSQL for more information.
If you have sensitive data, you need to be diligent. The people behind SELinux are the country's leading experts on information sensitivity and compartmentalization.
Yeah, that sort of control can be a pain, but if the data is truly sensitive you simply must take pains with it.
SELinux on the desktop is a great thing, too, especially if you want to thwart drive-by web bugs and such (you set your controls to not allow Firefox access except to specific areas of your home directory, and you set certain areas of your home directory off limits except to certain programs: you're worm-proof then, and, if you're careful, data-theft-proof). But that fine-grained control means you have to maintain those controls, and it requires due diligence.
It is and has always been a balance between convenience and security; truly tight security, which SELinux can give you in droves, is a time-consuming and not very convenient affair.
But if you think you're fully locked down without controls similar to SELinux, you are simply wrong, and an attacker will prove that to you one day. Firewalls are not enough by themselves. SELinux is likely not enough by itself; layers do the trick, so that when an exploit in one layer occurs the other layer catches it (and hopefully you find out about it).
Intrusion detection is good, but once an intrusion is detected it might be too late, depending upon the intrusion. And intrusion 'signatures' (much like virus signatures) are no good at all against previously undetected threats. SELinux allows you (especially with permissive mode) to see the access footprint of an application, and tailor the security to the normal access footprint. Allow only what is normal, and it's much harder (not impossible) to exploit things.
No security is perfect; multiple layers of diverse security on multiple platforms helps immensely.
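The permissive-mode workflow described above (record the application's access footprint, then allow only what is normal) is what audit2allow automates on a real system. The following is an added example, not code from this thread or from the SELinux or PostgreSQL projects: it parses AVC denial records of the kind audit.log contains, aggregates them into allow rules the way audit2allow does, and, for the Firefox case, refuses to whitelist accesses to a directory you have declared off limits (here the ~/.ssh files labelled ssh_home_t), reporting them instead. The sample log lines, pids, inode numbers and the policy module name are constructed for the example; the domain and type names (mozilla_t, mozilla_home_t, ssh_home_t) follow the reference policy's naming but are assumptions here.

```python
"""Derive a minimal SELinux allow-list from permissive-mode AVC denials.

Added example: mimics the core of audit2allow's aggregation and adds an
"off limits" filter so that an observed access to sensitive data is flagged
rather than silently turned into an allow rule.
"""
import re
from collections import defaultdict

# Constructed sample of audit.log AVC records as emitted with Firefox running
# permissive (pids, inodes and names are made up for this example).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1290950362.123:45): avc:  denied  { read } for  pid=1234 comm="firefox" name="bookmarks.html" dev="sda2" ino=1111 scontext=unconfined_u:unconfined_r:mozilla_t:s0 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1290950362.124:46): avc:  denied  { write } for  pid=1234 comm="firefox" name="places.sqlite" dev="sda2" ino=1112 scontext=unconfined_u:unconfined_r:mozilla_t:s0 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1290950362.125:47): avc:  denied  { read } for  pid=1234 comm="firefox" name="bookmarks.html" dev="sda2" ino=1111 scontext=unconfined_u:unconfined_r:mozilla_t:s0 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1290950362.130:48): avc:  denied  { read open } for  pid=1234 comm="firefox" name="id_rsa" dev="sda2" ino=2222 scontext=unconfined_u:unconfined_r:mozilla_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1290950362.130:48): arch=c000003e syscall=2 success=yes exit=3
type=AVC msg=audit(1290950362.131:49): avc:  denied  { search } for  pid=1234 comm="firefox" name=".ssh" dev="sda2" ino=2220 scontext=unconfined_u:unconfined_r:mozilla_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
"""

# Matches the permission set and the source/target contexts of one AVC record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type component of a user:role:type[:level] context."""
    return context.split(":")[2]


def parse_denials(log_text):
    """Return (source_type, target_type, class, perms) for each AVC denial."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL/PATH records carry no permission information
        denials.append((context_type(m["scontext"]), context_type(m["tcontext"]),
                        m["tclass"], tuple(m["perms"].split())))
    return denials


def flag_off_limits(denials, off_limits):
    """Denials that touched a type the administrator declared off limits."""
    return [d for d in denials if d[1] in off_limits]


def build_allow_rules(denials, off_limits=frozenset()):
    """Aggregate denials into {(stype, ttype, class): sorted perms},
    skipping anything that targets an off-limits type."""
    rules = defaultdict(set)
    for stype, ttype, tclass, perms in denials:
        if ttype in off_limits:
            continue
        rules[(stype, ttype, tclass)].update(perms)
    return {key: sorted(perms) for key, perms in rules.items()}


def render_module(rules, name, version="1.0"):
    """Render the rules as a type-enforcement (.te) module source."""
    types = sorted({t for key in rules for t in key[:2]})
    classes = defaultdict(set)
    for (_, _, tclass), perms in rules.items():
        classes[tclass].update(perms)
    lines = [f"module {name} {version};", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    lines += ["}", ""]
    for (stype, ttype, tclass), perms in sorted(rules.items()):
        lines.append(f"allow {stype} {ttype}:{tclass} {{ {' '.join(perms)} }};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    observed = parse_denials(SAMPLE_AUDIT_LOG)
    off_limits = {"ssh_home_t"}  # assumption: ~/.ssh is never Firefox's business
    for stype, ttype, tclass, perms in flag_off_limits(observed, off_limits):
        print(f"REVIEW: {stype} touched {ttype}:{tclass} {{ {' '.join(perms)} }}")
    print(render_module(build_allow_rules(observed, off_limits), "mozilla_local"))
```

On a live system the rendered .te would go through checkmodule/semodule_package and semodule -i exactly as an audit2allow -M module does; the point of the off-limits filter is the one made in the post: the footprint you tailor to is the normal footprint, and a denial against the sensitive area is something to investigate, not to allow.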