On Thu, Feb 23, 2006 at 12:33:14PM -0500, James Morris wrote: > On Thu, 23 Feb 2006, Olivier Galibert wrote: > > > You forgot the alternative, "SELinux does not help at all given our > > threat model, so it's all cost and no returns". That's the case here. > > I won't activate SELinux any time soon. > > Can I ask what your threat model is? We're a governmental research lab somewhere, with students and visitors coming around and even classes in the conference rooms on a regular basis. The computers are behind a reasonable, bidirectional firewall. All disks are nfs-exported everywhere so that anyone can work no matter what computer they're on. You can always find some ips that are in the access lists but for which the associated computer is offline at the time, especially since the list is accessed through NIS. Also rlogind is active on most of the computers. Next to that, the web servers, ftp servers, etc are reasonably competently administred, with rampant paranoia w.r.t all scripts in there and this kind of stuff. We don't have wifi at that point. The biggest data loss we've had in some years is when someone stole a server computer, disks and all. So our real threat is physical access, either stealing computers/disks or plugging into the network. The technical answer to that is paranoid encryption everywhere, which won't happen because the cost is way higher than the risk. SELinux doesn't enter the picture at any point. Remote control of a windows desktop box would be the secondary threat if it wasn't for the bidirectional firewall. The unix systems are far behind. OG. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
