[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Wed Nov 16 20:45:51 UTC 2005
Les Mikesell <lesmikesell at gmail.com>

On Wed, 2005-11-16 at 14:12, Lamar Owen wrote:

> The main reason I think sysadmins in general seem to hate SELinux is the 
> 'Mandatory' part of 'Mandatory Access Control' : that is, superuser power is 
> too addictive to get rid of, and SELinux can do away with 'superuser' powers 
> entirely. 

Not exactly.  In my case I just realize that there are 30 years of
history behind expecting all unix access control to be in the
filesystem in the owner, group and modes of the files.  It will
take a while to rewrite everything based on different assumptions,
and meanwhile things will mysteriously not work.

>  AND THAT IS A GOOD THING.  Yes, it really is.  The buffer overflow 
> exploit for those root-running daemons doesn't stand a chance even if it 
> gains root, as long as the selinux policies are set properly.

We are talking about bugs here.  Why are you so convinced that the
new code you just introduced to enforce this new policy does not
in fact introduce new bugs?  Remember that old code that you
are trying to protect has many, many years of finding and fixing
exploits.  They may in fact all be fixed now and you are just
setting up new ones that we don't know about yet with this change
regardless of how well-intentioned it is.

> I have been running Red Hat Linux on internet-facing servers for quite a 
> while, now, and in my opinion and experience, SELinux is the best thing to 
> happen to Linux since 0.13 was released.

Have you watched the changelogs to see if in fact any problems have been
found and fixed so far? 

> The Real Root should take the time to configure in to the policies those 
> things the Real Root would normally do (you know, things like backups and the 
> like, along with other normal activities),

Speaking of backups, have you tested the method you use to make sure
it restores the attributes SELinux needs to work? 

-- 
    Les Mikesell
      lesmikesell at gmail.com
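
One way to run the backup test asked about at the end of this message, as an added example that is not part of the original post: record the `security.selinux` extended attribute of every path before the backup and compare it with the restored tree. The function names and the sample contexts are constructed for illustration.

```python
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr in which Linux stores a file's SELinux context

def snapshot(root):
    """Map each path under root (relative to it) to its SELinux context, or None if unlabeled."""
    labels = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                raw = os.getxattr(full, SELINUX_XATTR, follow_symlinks=False)
                label = raw.rstrip(b"\x00").decode()
            except OSError:
                label = None  # no label stored, or filesystem without xattr support
            labels[os.path.relpath(full, root)] = label
    return labels

def compare(before, after):
    """Return findings for paths that are missing after restore or whose label differs."""
    findings = []
    for path, old in sorted(before.items()):
        if path not in after:
            findings.append((path, "missing", old, None))
        elif after[path] != old:
            kind = "label lost" if after[path] is None else "label changed"
            findings.append((path, kind, old, after[path]))
    return findings

# Constructed sample: a restore made by a tool that does not carry xattrs across.
SAMPLE_BEFORE = {
    "etc/shadow": "system_u:object_r:shadow_t",
    "var/www/html/index.html": "system_u:object_r:httpd_sys_content_t",
    "usr/sbin/httpd": "system_u:object_r:httpd_exec_t",
}
SAMPLE_AFTER = {
    "etc/shadow": None,
    "var/www/html/index.html": "system_u:object_r:tmp_t",
    "usr/sbin/httpd": "system_u:object_r:httpd_exec_t",
}

if __name__ == "__main__":
    # Usage: script ORIGINAL_ROOT RESTORED_ROOT; with no arguments the constructed sample is used.
    real = len(sys.argv) == 3
    before = snapshot(sys.argv[1]) if real else SAMPLE_BEFORE
    after = snapshot(sys.argv[2]) if real else SAMPLE_AFTER
    for path, kind, old, new in compare(before, after):
        print(f"{kind}: {path}: {old} -> {new}")
```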