SELINUX - Why?

Les Mikesell lesmikesell at gmail.com
Wed Jul 27 20:25:44 UTC 2005


On Wed, 2005-07-27 at 14:24, Mike McCarty wrote:

> In short, they presume that there is some way that software
> gets onto my system without my being aware of it, but do
> not specify any means by which that might take place.

> Since the issue of how the "malware" gets onto my machine
> is completely bypassed, I consider the answer given in the
> FAQ to be, well, significantly incomplete.

"Unknown vulnerabilities" are a reasonable assumption for any code. Over
the years many have been found and fixed in programs included in
Linux distributions.  The most common involve buffer overflows
that allow something sent over the network to be executed
accidentally by a program that was supposed to be doing
something else.

> And augmenting the answer with "We don't know how it might
> get onto your machine" is, IMO, not an adequate answer. It
> begs the question.

No, you should expect your software to include bugs.  It is
impossible to prove that it doesn't.

> What I mean is, I ask "Why should I run selinux?" The answer
> then seems to be "We don't know, but if you don't bad things
> might happen to your system due to malicious programs."

A better question is why you should not apply the same logic to
the relatively new code in selinux.  That is, assuming you
should not completely trust code that has been around for
a long time and has had bugs exposed and fixed may be reasonable,
but then why should you trust selinux not to introduce new bugs
and vulnerabilities of its own?

-- 
  Les Mikesell
    lesmikesell at gmail.com




