A number of people - not on this list - have objections to SEL, even including 
the suggestion that it is really a business model to sell support rather than 
offer security!

Mine has always been that a security system that depends on various utilities 
must be fundamentally insecure as anyone can insert corrupted versions and a 
hacker can alter the path so that the unsuspecting user ends up copying their 
files out as well as doing an ls for example.  And if you happen to disable 
SEL then enable it again, you have I believe to rebuild the filestore.

Others view the LSM as insecure by virtue of exported symbols.

A lot can be done with standard access controls and it is a great pity that so 
many packages are wrapped up and thus installed with world permissions, read 
permissions when not appropriate and other loopholes.  It would be far too 
much to expect Connie and Troy (or our friends at CentOS) to reset all of 
these - it is really a hole created by the UV maybe to justify the inclusion 
of SEL.  Proper setting of home directories that mirrors group  access can 
reduce visibility. (ie set the home as /home/groupname/username with 2771 
group permissions, group membership for user and  0700 for the home 
directory) controls a lot of things.

I always disable SEL and use grsecurity (www.grsecurity.net) which is a kernel 
patch that requires no supporting utilities other than the gradm control 
utility.  It includes the PaX patches.  

The only issue then is that the grsec patches generally refer to the latest - 
or nearly latest - kernels and there is some debate that a stable version 
should be made available for 'stable' kernels such as used by the Upstream 
Vendor.

Policies are always a problem to set of course.

Thanks for everything.

On Tuesday 24 July 2007 06:21:47 Keith Lofstrom wrote:
> On Mon, Jul 23, 2007 at 04:38:49PM -0700, Zhi-Wei Lu wrote:
> > ...
> > Many times, one does not think that it is an SELinux related issue
> > and waste a lot of energy trying to debug the problem. I am just
> > wondering how people are coping with SELinux: love it, hate it,
> > disable it, disable some transactions.  I would really like to hear
> > the words of wisdom on this topic.
>
> I, too, am worried about SELINUX.  I would work with it more, but
> there seems to be little accurate information about configuring it
> for new apps (such as OpenVPN).  I set it to permissive, and may turn
> it off entirely unless I can find better info about configuration
> with SL5.
>
> Local acquaintance Crispin Cowan developed AppArmor, now a part of
> Novell/SUSE.  Crispin makes a convincing ease-of-use case for the
> now-free-and-open AppArmor, and I might use that instead of SELINUX
> if the config files become available for SL5.  Crispin will be at
> OSCON this week, and I expect to see him a few times;  if anyone
> wants me to ask him more questions about AppArmor, I can.  AppArmor
> might prove an interesting alternative for the SL5 user community
> to develop and use as an add-on package.
>
> Keith



-- 
Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
[log in to unmask]              [log in to unmask]
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com

-------------------------------------------------------

-- 
Best wishes

John

John Logsdon                               "Try to make things as simple
Quantex Research Ltd, Manchester UK         as possible but not simpler"
[log in to unmask]              [log in to unmask]
+44(0)161 445 4951/G:+44(0)7717758675       www.quantex-research.com