-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stewart Stremler wrote:
>> Security discussions always devolve into arguing over semantics and 
>> absolutes.
> 
> All discussions!
>> Since it is impossible to be "Secure" with a capital 'S' we must assume
>> the convention that anytime someone implies security they mean "more
>> secure" not perfect security.
> 
> Perfect security is disassembled, sandblasted, encased in concrete, and buried.

I just KNEW you were going to say this. In fact, I almost referenced this
idea in my above complaint about security discussions. Saying "perfect
security is disassembled..." etc. in the company of anyone who knows
anything about security is like sitting with your friends on the front
porch on a hot day in the Midwest and saying, "It's not the heat, it's
the humidity!" as if you are contributing something.

>>                      I think SE Linux does add more security. And so
>>far with zero overhead as I have done all kinds of things to my laptop
>>and never had to mess with it.
> 
> And how does it protect your data?
> 
> ("By preventing a compromise of the OS." is not an acceptable answer.)

Sure it is. If the OS is compromised you stand a very good chance of
losing your data. But let's look at it from the point of view of
protecting a user's data from other rogue applications being run by the
same user. Traditionally in Unix there is no concept of least privilege
among processes being run by the same UID. This means that your IM
program could access your email program's address book and then make an
outgoing connection to your mail server and spam a virus to everyone if
a buffer overflow or other problem were to be discovered in your IM
client. With SE Linux you can restrict your IM client to only being
able to modify the files that should be accessible to that application.
This protects your own personal data, which has nothing to do with the IM
program, from being modified by the IM program. Currently, implementing
this level of least privilege in SE Linux is not ready for prime time, as
only major system daemons are being protected from network-based
exploits (the most common kind), but it is definitely coming. Eventually
I hope that in order to ship a piece of software such as an rpm or deb
for a Linux system it would come with a security context definition
which would be automatically installed when the rpm is installed.

> And I'm feeling weaseled.  Instead of conceding that whatshisname has a
> point and that you can't really deal with it, you change the situation to
> one that backs your position instead.

I don't think he does have a point. I listed a number of reasons why I
think it is bad to do normal work as root in my initial email.

> I posit that you've accepted that Linspire/Lindows is targeted at single
> user systems already, and the multi-user situation has already been excluded
> from consideration.  You should either come up with some better reasons,
> or concede the point.

I am pretty sure that most Lindows boxes will find themselves in
multi-user situations.

> That's back to "avoid learning bad habits".
> 
> I trotted that one out first thing. Way upthread. :)

And it is a pretty good reason all by itself.

> What, having someone hold up the arguments presented to some actual 
> standards?  Better now in a friendly forum than in public when some
> charming salesweasel slices your ego to ribbons.

I am pretty sure salesweasels (I once referred to a vendor as a
salesweasel on an obscure open source project mailing list which that
vendor happened to read, caused quite a bit of amusement ;) won't be
arguing the finer points of Unix security any time soon. :) Especially
Lindows salesweasels. Michael is not a salesweasel. He actually
understands these things.

> For the constraints of the problem he's not far wrong. For now. There
> are some concepts that can be put into place, perhaps, to change the
> situation -- so he might be _made_ wrong.

What sort of concepts? I'm curious.

> It doesn't always seem that way.

Now now, this is just friendly debate among friends. :) Often we will
have to agree to disagree, but the exercise is good for the mind either way.

>>I am trying to provide sober analysis of the pros and cons.
>  
> You've done better than many, by far.

Thank you.

> I don't recall that being in *this* thread. But yes, I generally like $HOME
> being mounted w/o noexec, as that's a usablity-vs-security tradeoff I'm
> willing to accept.  The utility of ~/bin and ~/local is quite high.

Ah, you are right. Different thread. Still, you said it and we're gonna
hold you to it! :)

> -Stewart "Stop with the pointy sticks already!" Stremler

hehe...

- --
Tracy R Reed
http://[EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCZyUa9PIYKZYVAq0RAqmQAJ9CewW7wko8UnR5gnwOoEIXO1Q2oQCfR3Ux
6tysmHYn9okOVYOA1FzPPXo=
=6jkB
-----END PGP SIGNATURE-----
-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
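The per-application confinement described in the message above, as an added example that is not from the original post or from the SELinux project: a minimal reference-policy module for a hypothetical IM client. The module name `imclient`, the binary path `/usr/bin/imclient`, the `~/.imclient` data directory and the `corenet_tcp_connect_jabber_client_port` interface are assumptions, and the interface names assume a distribution policy built on the reference policy with its development headers (`/usr/share/selinux/devel`) installed. The point it shows is the one the message makes: under plain Unix DAC the IM client and the mail client share a UID and therefore share access to every file in $HOME; under type enforcement the IM client gets its own domain, is granted its own files and the XMPP port, and is granted nothing on the mail client's data or the SMTP port, so the "read the address book, then connect to the mail server" step is denied even if the client is exploited.

```selinux
# imclient.te -- assumed module for a hypothetical IM client (added example)
# Build and load:  make -f /usr/share/selinux/devel/Makefile imclient.pp
#                  semodule -i imclient.pp
policy_module(imclient, 1.0.0)

########################################
# Declarations
#
# A private domain for the running client and a private type for its
# executable (the entry point into that domain).
type imclient_t;
type imclient_exec_t;
application_domain(imclient_t, imclient_exec_t)

# A private type for the client's own state under $HOME (~/.imclient).
type imclient_home_t;
userdom_user_home_content(imclient_home_t)

########################################
# Local policy
#
# Full access to its *own* files only.  Note what is absent: no rule
# mentions user_home_t, ssh_home_t, thunderbird_home_t or any other
# home-directory type, so the mail client's address book is unreachable
# from imclient_t regardless of the (shared) UID.
manage_dirs_pattern(imclient_t, imclient_home_t, imclient_home_t)
manage_files_pattern(imclient_t, imclient_home_t, imclient_home_t)
userdom_search_user_home_dirs(imclient_t)
# Anything the client creates directly in $HOME is labelled
# imclient_home_t rather than the generic user_home_t.
userdom_user_home_dir_filetrans(imclient_t, imclient_home_t, { dir file })

# Network: DNS plus outbound XMPP.  There is deliberately no rule for the
# SMTP port, so an exploited client cannot reach the mail server.
# (Interface name assumed; confirm the port type with `seinfo --portcon 5222`.)
allow imclient_t self:tcp_socket create_stream_socket_perms;
allow imclient_t self:udp_socket create_socket_perms;
corenet_tcp_connect_jabber_client_port(imclient_t)
sysnet_dns_name_resolve(imclient_t)

########################################
# Entry from the user's session
#
# Executing a file of type imclient_exec_t from the unconfined desktop
# session transitions unconfined_t -> imclient_t automatically, so the
# user never has to run anything special.
gen_require(`
    type unconfined_t;
    role unconfined_r;
')
domtrans_pattern(unconfined_t, imclient_exec_t, imclient_t)
role unconfined_r types imclient_t;

# imclient.fc -- file contexts shipped with the module (paths assumed)
# /usr/bin/imclient          --   gen_context(system_u:object_r:imclient_exec_t,s0)
# HOME_DIR/\.imclient(/.*)?       gen_context(system_u:object_r:imclient_home_t,s0)
```

After loading the module, relabel the binary and data directory (`restorecon -Rv /usr/bin/imclient ~/.imclient`) and check three things: `ps -eZ | grep imclient` shows the running client in `imclient_t` rather than `unconfined_t`; `sesearch -A -s imclient_t -t user_home_t` returns no allow rules; and touching the mail client's files from inside the client produces an AVC denial in `ausearch -m avc -c imclient`. Shipping the `.pp` (the compiled `.te` plus `.fc`) inside the package, with `semodule -i` in the post-install script, is the "security context definition that comes with the rpm" the message hopes for.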
