Hi Patrick: Thanks for your note. I understand that SELinux does not
directly apply to Stuxnet since it targeted Windows. However, my
question was conceptually motivated: whether mandatory access control
could have contained the impact of this worm, had it been available. I
had thought that the answer is yes but wanted to find out from other
experts. I believe you concur. Now, if only we could make SELinux a lot
easier to use..... this is where one of my interests lie. -- Sanjai
On 2/22/2011 11:53 AM, cto@xxxxxxxxxxxxxxxxxx wrote:
On 1/30/2011 7:39 PM, cto@xxxxxxxxxxxxxxxxxx wrote:
Hello,
Stuxnet is a Windows Worm, and SELinux is Mandatory Access Control for
Linux
on Linux SELinux can reduce the impact of such worms if targeting Linux
boxes, but it is not a preemptive mechanism for not having any kind of
compromise due to any vulnerability, Although if you protect your system
and targeted processes you may have reach the goal of containing the
impact of possible compromises
Best,
Patrick K.
On 1/30/2011 5:20 PM, Sanjai Narain wrote:
Has there been thinking on whether SELinux-hardened machines can avoid
the spread of Stuxnet-like worms? Thanks. --Sanjai
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
with
the words "unsubscribe selinux" without quotes as the message.
Sanjai,
SELinux is Mandatory Access Control for Linux
Stuxnet only compromises Windows, SCADA and PLC 7 systems (Siemens
systems)
it is a worm, for a worm to compromise a system you need to have
certain vulnerabilities
It cannot compromise Linux (the same way); as that worm has been
designed for particular purposes and taking advantages of Windows
vulnerabilities
If you mean protecting a network using Linux front ends or inline
systems Like IPS systems that's another story which is irrelevant to
SELINUX actually (although an IPS system -Intrusion Prevention
system- on Linux can take advantages of SELINUX)
in brief , theoretically in case of a worm for Linux, it could be
contained if SELINUX is effectively used.
in practice Stuxnet is for Windows
Best,
Patrick K.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to
majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
