Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))
Olivier Galibert
galibert at pobox.com
Thu Feb 23 17:59:43 UTC 2006
On Thu, Feb 23, 2006 at 12:33:14PM -0500, James Morris wrote:
> On Thu, 23 Feb 2006, Olivier Galibert wrote:
>
> > You forgot the alternative, "SELinux does not help at all given our
> > threat model, so it's all cost and no returns". That's the case here.
> > I won't activate SELinux any time soon.
>
> Can I ask what your threat model is?
We're a governmental research lab somewhere, with students and
visitors coming around and even classes in the conference rooms on a
regular basis. The computers are behind a reasonable, bidirectional
firewall. All disks are nfs-exported everywhere so that anyone can
work no matter what computer they're on. You can always find some ips
that are in the access lists but for which the associated computer is
offline at the time, especially since the list is accessed through
NIS. Also rlogind is active on most of the computers. Next to that,
the web servers, ftp servers, etc are reasonably competently
administred, with rampant paranoia w.r.t all scripts in there and this
kind of stuff.
We don't have wifi at that point.
The biggest data loss we've had in some years is when someone stole a
server computer, disks and all.
So our real threat is physical access, either stealing computers/disks
or plugging into the network. The technical answer to that is
paranoid encryption everywhere, which won't happen because the cost is
way higher than the risk. SELinux doesn't enter the picture at any
point. Remote control of a windows desktop box would be the secondary
threat if it wasn't for the bidirectional firewall. The unix systems
are far behind.
OG.
More information about the fedora-devel-list
mailing list