SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [OT] SELinux vs. other systems [was Re: [idea] udev + selinux] This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Linas Vepstas <linas_at_austin.ibm.com> Date: Thu, 2 Sep 2004 12:07:34 -0500 On Thu, Sep 02, 2004 at 10:15:20PM +1000, Russell Coker was heard to remark: > On Wed, 1 Sep 2004 08:44, Linas Vepstas <linas@austin.ibm.com> wrote: > > Every now and then, I look at SELinux, and I get scared away by its > > complexity. This complexity makes it very hard to audit, and assure > > What auditing are you referring to? Kernel code, application code, or policy? policy. > > oneself that its actually providing any real security, as opposed to > > the illusion of security. During this email thread, there are > > references to mysterious rules that neither party in the conversation > > fully understands; this scares me. > > Which mysterious rules are you referring to? I wasn't refering to them, the posters to the thread were. Unfortunately, I've already deleted those emails. > labelled as device_t. This means that there is no window of opportunity for > an attacker to access a device before it is correctly labelled. OK. Well, here's another idle question, again off-topic: Does SELinux provide any sort of assurances that storage media weren't tampered with between reboots? For example, with BIOS/firmware getting more sophisticated over time, there's potential for an attacker to break in, remotely, into bios/firmware, shortly before booting into the OS, and then alter disk contents. Yes, I know this is far-fetched, but was just curious. What got me going on that thread was thinking about udev/hotplug again: with devices coming and going, disappearing and re-appearing, it isn't obvious that there wasn't tampering while the device was gone. Again, excuse me if this sounds naive, un-informed or far-fetched, or terribly off-topic, but: In ye olden days, viruses spread through diskettes. These days, we're plugging-n-playing usb keychains, cameras, ipods, bluetooth this-n-that; although I haven't heard of attacks carried out through these media, its not obivious that these couldn't be carriers for an attack. --linas -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 3 Sep 2004 - 10:34:15 EDT This message: [ Message body ] Next message: Luke Kenneth Casson Leighton: "Re: Proposed Hardware File Context file." Previous message: Stephen Smalley: "Re: reiferfs in SUSE9.1" In reply to: Russell Coker: "Re: [OT] SELinux vs. other systems [was Re: [idea] udev + selinux]" Next in thread: Russell Coker: "Re: [OT] SELinux vs. other systems [was Re: [idea] udev + selinux]" Reply: Russell Coker: "Re: [OT] SELinux vs. other systems [was Re: [idea] udev + selinux]" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom