Dailydave mailing list archives

Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor?

From: Peter Busser <peter () adamantix org>
Date: Tue, 31 Mar 2009 10:26:36 +0200

Hi,

Of course it's more complex than running everything as root; enforcing
least privilege gets more complex the better you do it.


This is the pigglet with the wooden house saying that his house is more
secure against the attacks of the wolf than the straw house of the first
pigglet. But we all know how smart and well protected the second pigglet
really is.

Modern
operating systems and applications are inherently complicated.  But
that doesn't make them an inherently bad idea.


So you are argueing that security must be complex, "Because SELinux is
complex". Your claim that SELinux provides 'least privilege' security
can be easily dismissed with a long list of examples where it doesn't
provide least privilege at all.

You also fail to understand the interaction between MAC and DAC. MAC needs
DAC to fill in the (big) niches which MAC is unable to do anything about.
The very fact that you have to use DAC when you apply MAC is a sure sign
that the MAC system you are using is very coarse grained and inflexible.

"Make everything as simple as possible, but not simpler."
        -- Albert Einstein


The UNIX DAC is so succesfull because it is an intelligent system. True, it
is an inadequate intelligent system. It was designed to be used on
non-networked machines by trusted users. Both are becoming less common by
the day. But it still contains an internal beauty and consistency which
makes it the kind of simple system Einstein was talking about. SELinux and
other security models like it are lacking in those areas.

I predict that in, let's say, ten years noone will use SELinux anymore. The
same goes for AppArmor (which is very inadequate by any standard) and
systrace (which tries to provide security at the wrong level).

Groetjes,
Peter.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

In defense of Mandatory Access Control, was Re: No more Novell AppArmor? Travis (Mar 26)
- Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor? pageexec (Mar 28)
  - Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor? Travis (Mar 31)
- Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor? Peter Busser (Mar 31)