Re: [RFC][PATCH 0/11] security: AppArmor - Overview

[Stephen Smalley]

On Mon, 2006-04-24 at 21:25 -0700, Casey Schaufler wrote:
> 
> --- Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> 
> 
> > Seems like a strawman.  We aren't claiming that
> > SELinux is perfect, and
> > there is plenty of work ongoing on SELinux
> > usability.  But a
> > fundamentally unsound mechanism is more dangerous
> > than one that is never
> > enabled; at least in the latter case, one knows
> > where one stands.  It is
> > the illusory sense of security that accompanies
> > path-based access
> > control that is dangerous.
> 
> I suggest that this logic be applied to
> the "strict policy", "targeted policy",
> and "user written policy" presentations
> of SELinux. You never know what the policy
> might be.

Whatever policy you have, that policy is at least analyzable, and tools
exist for analyzing it for information flow as well as for direct
relationships.  In the absence of complete mediation and unambiguous
identifiers, you can't do any analysis at all, so you never know whether
you have achieved your goal.

-- 
Stephen Smalley
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/