WARNING:DO NOT UPGRADE TO CORE 4

[Paul Howarth]

On Wed, 2005-07-13 at 14:05 -0500, Les Mikesell wrote:
> On Wed, 2005-07-13 at 13:22, Paul Howarth wrote:
> 
> > My point was that there's no way of knowing what undiscovered
> > vulnerabilities there are on your system, so having multiple layers of
> > defences such as firewalls, mounting /var and /tmp partitions with
> > noexec, selinux etc. all help to mitigate the risk.
> 
> And the counterpoint to that is that we (most of us anyway) also
> don't know what new problems selinux creates as it tries to
> solve the old well known ones.  Why is it that you accept on
> faith that adding new code in the form of selinux is an improvement
> while recognizing that you don't know about undiscovered vulnerabilities
> in code that has been around for ages and has already had the obvious
> things fixed?

Of course there's the risk that there may be additional vulnerabilities
introduced through the installation and use of SELinux. I just think
that the benefits in terms of reduced risk from other vulnerabilities
that may not be exploited in an SELinux environment outweigh the risks
of the additional vulnerabilities being present. Other people may take a
different view. In the end I just treat it as another layer of defence;
I'm not thinking of SELinux as a magic bullet or something to replace
other defences.

I also try not to wear a tinfoil hat. There's a trade-off between
security and usability and everyone needs to find a point where they're
comfortable with the trade-offs they're making. I don't overly worry
about cookies for instance; they serve a useful purpose for me. Other
people clearly don't feel comfortable with them, and that's fine too if
they're happy with the usability they're left with.

Paul.
-- 
Paul Howarth <paul at city-fan.org>