Why do I need SELinux?

David Curry dsccable at comcast.net
Mon Feb 21 01:39:03 UTC 2005


Craig White wrote:

>On Mon, 2005-02-21 at 00:38 +0000, Timothy Murphy wrote:
>
>>Rahul Sundaram wrote:
>>
>>>oh please. I was discussing about the NEED of SELinux for everyone
>>
>>But does _everyone_ need SELinux?
>>I'm willing to be convinced, but I haven't been yet.
>>
>>I think I am probably a typical home user,
>>perhaps with a bit more equipment than normal.
>>
>>My connection to the outside world is through my desktop, and ADSL.
>>I connect to my ISP by dhcp (and pppoe).
>>I'm running shorewall standard two-interface setup on my desktop.
>>As far as I can see, this means that no-one outside my system
>>should be able to get in,
>>and I certainly see hundreds of packets each day on LogWatch
>>that have failed to get in through a large number of ports.
>>
>>(1) Am I deluded in thinking myself reasonably safe?
>>
>>(2) It also seems to me that if someone did succeed in getting in
>>they would very probably have superuser privileges,
>>and so could counteract SELinux if they wanted to?
>>
>>So for both these reasons (but mainly (1))
>>I remain unconvinced that SELinux has anything to offer _me_.
>>And what is more, it seems to me that the same will apply
>>to most home users,
>>who I assume are not running web servers accessible by the world.
>>
>----
>it's not one thing - it's everything.
>
>Have wireless access on your home LAN? What if you are slow in updating
>the kernel in the shorewall system? What if you access a malicious web site as
>root? What if you download a tarball with malicious code?
>
>There are so many different ways you can have your security break - to
>look at your system and say, well I'm not running a web server, so this
>doesn't apply is entirely beside the point.
>
>Windows employs too little audited code, too few security checks and
>consequently, we see the things that have happened with their reputation
>with respect to security. Linux has a new technology that is arriving
>simultaneously with the 2.6 kernels that is designed to provide another
>additional layer of security - very handy when you execute the wrong
>code, misconfigure the wrong daemon, absentmindedly stop firewall
>services, etc. Yes, it's a PITA. Yes, we are having to deal with a
>technology that we neither understand nor wish to deal with.
>
>Getting superuser access by virtue of a crashed daemon is not the same
>thing as logging in as root and that is one of the protections of
>SELinux.
>
>Shut it off if you want. The cost of shutting it off is removing one
>layer of protection. If it means that little to you - shut it off.
>
>Craig
>
Thanks for your attention to this thread, Craig.  Tim asked a question 
that had been in my mind for some time.

My single unit SOHO system connects to the outside world through a cable 
modem.  I run no web services of any kind and simply do not turn the 
modem on when I am running as root.  Even if I su to root, the modem 
gets turned off.  So I had wondered whether SELinux provided any 
enhanced security for a system like mine.

I infer from your first paragraph above that SELinux offers some 
protection against damages from tarballs, rpms, etc. that one imports 
and employs as root.  If that inference is valid, I will spend some time 
trying to understand SELinux despite the apparent steepness of the 
learning curve an end user like me will face.



