On Mon, 25 Jan 2016, Tim wrote:
I watched a friend get his box hacked four seconds after establishing a network connection. He had to re-install to fix the problem. Same thing happened the next two times he connected up. I just about wet myself laughing. It took him three hacks before he wised up that he needed to run protective software all the time. Drop your guard for a second (or at least a few seconds), and that's enough.
Did you mean "hacked" or "attacked?" It seems to me that if there are successful intrusions by scripted attacks within four seconds of installation of a linux distro, it's either the wrong distro or it's wrongly installed -- with or without selinux enabled. The problem I see with selinux is that it is so user-unfriendly. These kinds of things always seem easy and straightforward to someone who knows it well. That's the nature of skill, regardless of the kind of skill it is. It reminds me of when I was a medical student many years ago, going through my Pathology laboratory. We were studying inflammation and looking at white blood cells under the microscope. I looked through the scope and all I saw were little dots. It made no sense to me. And I said so. I could see the resident getting more and more frustrated with me as he kept telling me over and over again how to tell the difference between the various inflammatory cells -- it so trivially obvious and I was such a moron. Then, four years later, I was the resident physician in pathology and I was assigned the second year pathology lab. The student was looking through the microscope and couldn't tell the difference between a polymorphonuclear leukocyte and a plasma cell -- two cells that look *totally* different. I remember getting more and more frustrated with the student as I told her over and over again how to tell the difference. But she just couldn't see it! I thought to myself "What a moron." That's what four years of staring through a microscope 18 hours a day buys you. That's what I think of when I read these discussions. If someone is struggling with something like this, they may seem like morons, but it is usually someting *other* than simple supidity or laziness that is the reason. It's because the barrier to doing it is greater than the perceived benefit. Yes, selinux is a great tool, particularly for large multiuser systems that serve a lot of things. But the very thing that makes it a great tool for these systems makes it very complex and intrusive, particularly on one- or two-user systems that serve personal things. Do we really need a lot of user-level permission tweaking when every user on the machine is an administrator? The selinux protections at the process level are obviously beneficial, but that's often where the barriers are the highest. Selinux provides exquisite protections at the process level for servers. Personally, that's where the most frightening attacks on my boxes have come from in recent years. But, selinux frequently takes a server that "just works" and turns it into one that "just doesn't work." Then, you have to figure out whether the misconfiguration is from the server or from selinux, and how to tweak both so that one will let the other do its thing. And, no, the answers are not always obvious. There is a truism that I remember being told about computer security a long, long time ago that usability and technical security are inversely related. At some point, when you increase the technical security enough, you will have made the system unusable to the point that your users will simply start going around it simply to get their work done. I remember bringing some data to a federal military installation once on a flash drive. The military had recently put in a policy that flash drives were not allowed, and they had some sort of enterprise-level monitoring software that watched the usb ports on every machine in the network. I gave the flash drive to the agent and said "Look, here's my results. I don't know how you are going to look at them, but this is what I've got." The agent powered down his computer, unplugged his computer from the network, booted it up again, put in the flash drive, downloaded the data, pulled out the flash drive, powered down the computer, plugged it back into the network, and powered it up again. He said that everybody did it all the time -- because the security policies had made it impossible for them to do their work otherwise. The combination of security that ignores users and users that ignore security gives you a system that has neither security nor usability. And simply calling users morons will not solve this. I think a lot of stuff in linux is approaching this complexity/usability tipping point, not just in security. System admin tools, filesystems, logging, desktops, etc. have become the playthings of people who like being the chosen few who have mastery over unnecessarily byzantine and complex systems and tools created to be beyond the effort barrier of the hobby user. I love KDE, but frankly, it is collapsing under it's own complexity. Selinux is just another exmple. I used to like linux because it made sense. Now it seems that it's little different than Windows sometimes -- opaque, overly complex, and unfriendly. billo -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
