On Friday 18 November 2005 12:47, Les Mikesell wrote:
> Well, it may or may not be true. It is certainly well-intentioned, but
> we are talking about bugs and unexpected behavior here which by
> definition aren't predictable.

Les, let me make a statistical contrast here. Standard run of the mill bugs are stochastic in nature (that is, unpredictable) and thus will in aggregate fall on a Gaussian distribution. Black hat activities are not stochastic, and are predictably bad for you. I think I'd rather take my chances with bugs.

> likely, by making normal operations more difficult, you set up
> the authorized users to need more outside help and more chances for
> social engineering efforts to steal their credentials.

That's where properly configuring the policies becomes critical. You need to profile what constitutes 'normal' first, then set your policies to allow the normal activities without intervention. The abnormal is what gets blocked, and hopefully at least is what the worm/black hat is trying to do.

Let me clarify my position on this, as I seem to not have conveyed my meaning quite as clearly as I intended. My problem is not with 'turning SELinux off' but with the attitude that one should always turn SELinux off. If you have a valid reason for turning it off (or setting it to permissive and setting the syslog options correctly) then do it; but don't assume that that is the Right Thing for Everybody All the Time.

--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu