On Wed, Jan 4, 2012 at 8:12 PM, Bennett Haselton bennett@peacefire.org wrote:
> Yes, the totality of SELinux restrictions sounds like it could make a system more secure if it helps to guard against exploits in the services and the OS. My point was that some individual restrictions may not make sense.

There is a wrong premise here as well. The idea of SELinux is "if it is not known to be safe/necessary, restrict it", regardless of whether that restriction "makes sense" or not.

> Even if my random password generator has nonrandomness which takes away 20 bits of randomness from the result, your odds of guessing it are still only 1 in 10^15 -- not so worrisome anymore.
>
> Look, people are perfectly free to believe that 12-char passwords are insecure if they want. Nobody's stopping you, and it certainly won't make you *less* secure, if it motivates you to use ssh keys. Again, my problem was that the "passwords" mantra virtually shut down the discussion, and I had to keep pressing the point for over 100 messages in the thread before someone offered a suggestion that addressed the real problem, which is exploits in the web server and the operating system.

The real point, which you don't seem to have absorbed yet, is that it doesn't work to count on some specific difficulty in the path of an expected attack. The attacker will use a method you didn't expect. You are right that there is a low probability of a single attacker succeeding starting from scratch with brute force network password guessing on a single target. But that doesn't matter, does it?