On Thu, Sep 02, 2004 at 10:15:20PM +1000, Russell Coker was heard to remark: > On Wed, 1 Sep 2004 08:44, Linas Vepstas <linas@xxxxxxxxxxxxxx> wrote: > > Every now and then, I look at SELinux, and I get scared away by its > > complexity. This complexity makes it very hard to audit, and assure > > What auditing are you referring to? Kernel code, application code, or policy? policy. > > oneself that its actually providing any real security, as opposed to > > the illusion of security. During this email thread, there are > > references to mysterious rules that neither party in the conversation > > fully understands; this scares me. > > Which mysterious rules are you referring to? I wasn't refering to them, the posters to the thread were. Unfortunately, I've already deleted those emails. > labelled as device_t. This means that there is no window of opportunity for > an attacker to access a device before it is correctly labelled. OK. Well, here's another idle question, again off-topic: Does SELinux provide any sort of assurances that storage media weren't tampered with between reboots? For example, with BIOS/firmware getting more sophisticated over time, there's potential for an attacker to break in, remotely, into bios/firmware, shortly before booting into the OS, and then alter disk contents. Yes, I know this is far-fetched, but was just curious. What got me going on that thread was thinking about udev/hotplug again: with devices coming and going, disappearing and re-appearing, it isn't obvious that there wasn't tampering while the device was gone. Again, excuse me if this sounds naive, un-informed or far-fetched, or terribly off-topic, but: In ye olden days, viruses spread through diskettes. These days, we're plugging-n-playing usb keychains, cameras, ipods, bluetooth this-n-that; although I haven't heard of attacks carried out through these media, its not obivious that these couldn't be carriers for an attack. --linas
