On Tue, 2005-07-05 at 08:58 -0500, alex@xxxxxxxxxxxxxxx wrote:
> To summarize, if somebody has a false sense of security (he has perfect
> tools, but used in a wrong way), it will be actually easier for you to
> spy on him. This is especially true with complex subsystems such as
> SELinux (what do you think, how many system administrators out there
> *really* understand it?). I'm not sure if this is the actual (real)
> backdoor Vladis was referring to in his reply ;-)

There is quite a bit of work ongoing to help solve that problem
(understanding and configuring SELinux policies effectively).

SELinux doesn't create complexity, it just reveals it and allows you to
control it. The SELinux mechanism itself isn't very complex; the
complexity comes in trying to specify what you want to allow to happen
on your computing system, because of the highly complex interactions of
existing software on that system (not because of something added by
SELinux). Classic case of blaming the messenger - SELinux tells you
about all of the complex activity on your system and forces you to think
about what you want to allow to happen, so you blame it for creating
complexity that was already there...

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list