Re: The price of SELinux (CPU)

From: Valdis . Kletnieks
Date: Tue Oct 04 2005 - 14:44:16 EST


On Tue, 04 Oct 2005 14:29:05 EDT, John Richard Moser said:

> Aside from this, viruses and spyware and worms can now run rampant and
> do what they want to his system, and other users' idiotic actions on a
> multi-user system affect him. This is more user friendly? No, I think
> it's going in the opposite direction. . . .

Virus writers are users too, you know. :)

And the other users are users as well - what if the other user's "idiotic
action" is to nuke your 500Mbyte archive of alt.binaries.pictures.llama.sex
that's taking up the disk space that is keeping him from running the payroll
software? In your world, rather than him being able to fix the problem, he has
to go find a sysadmin with the root password to fix it, causing delays and
being less friendly....

You seem to be intentionally trying to miss the basic point, which is that
any additional security ends up trading off against other things.

Non-execute stack is a Good Thing security-wise - but it breaks some code,
forcing upgrades and/or having to track down binaries and flag them as
"don't enforce NX stack". And then those binaries are still vulnerable....

SELinux is, in general, also a Good Thing. However, the fact that the policy
restricts what stuff can happen in the security context associated with
mail delivery (after all, you *don't* want arbitrary binaries running then, right?)
did some serious damage to the way I use procmail, which in some cases ended
up running other binaries. OK, so my .procmailrc *is* a 600-line monster that
does a lot of odd stuff - the point was that I had to add even *more* contortions
to the way it works, which is even less user-friendly....


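As an added illustration, not part of the original message: the job of tracking down binaries flagged "don't enforce NX stack" can be automated. This sketch assumes the flag is the ELF `PT_GNU_STACK` program header (the message does not name the mechanism); `stack_policy` and `make_elf64` are names chosen here, and the sample ELF images are constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that records the requested stack permissions
PF_X = 0x1                 # execute bit in p_flags


def stack_policy(elf: bytes) -> str:
    """Return 'nx', 'exec-stack', 'unmarked' or 'not-elf' for an ELF image."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF" or elf[4] not in (1, 2) or elf[5] not in (1, 2):
        return "not-elf"
    is64 = elf[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"       # EI_DATA: 1 = little endian, 2 = big endian
    if is64 and len(elf) < 64:
        return "not-elf"
    # e_phoff, then e_phentsize/e_phnum, sit at different offsets per class
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36 if is64 else 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + (8 if is64 else 28) > len(elf):
            break                           # truncated program header table
        p_type, = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags is the 2nd word of an ELF64 phdr and the 7th of an ELF32 phdr
            p_flags, = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return "exec-stack" if p_flags & PF_X else "nx"
    return "unmarked"                       # loader falls back to its default; review by hand


def make_elf64(p_flags=None):
    """Constructed sample: ELF64 header plus one program header (PT_LOAD if p_flags is None)."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = 1 if p_flags is None else PT_GNU_STACK
    return ehdr + struct.pack("<IIQQQQQQ", p_type, p_flags or 0, 0, 0, 0, 0, 0, 16)


if __name__ == "__main__":
    for path in sys.argv[1:]:               # paths to audit, given on the command line
        with open(path, "rb") as fh:
            print(stack_policy(fh.read()), path)
```

Anything reported as `exec-stack` or `unmarked` is a binary that stays exposed in the way the message describes, so the list doubles as an upgrade backlog.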