
Dailydave mailing list archives
Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor?
From: Joanna Rutkowska <joanna () invisiblethingslab com>
Date: Wed, 01 Apr 2009 22:48:47 +0200
Brad Spengler wrote:
It is cool to be dismissive and aloof about "new" (9 year old) technologies. Otherwise you're just the SELinux version of the "year of Linux on the desktop!" guy. Regarding ineffectiveness (and specifically in regards to "proofs" and words such as "can't" and complexity/usability trade-offs) I won't repeat myself, since everything that needed to be said or demonstrated was done 2 years ago: http://lists.immunitysec.com/pipermail/dailydave/2007-March/004133.html
<cut>

Let me also point out Rafal's SELinux exploit from 2003(!): http://www.nsa.gov/research/selinux/list-archive/0306/4468.shtml

...as well as his recent exercise in SELinux default policy bypassing on Xenified FC8: http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf

These were not kernel exploits, but rather something taking advantage of the overcomplexity of the system.

Of course, the main argument against all those SELinux-like academic systems is kernel exploits, as pageexec and Brad correctly pointed out. I see that people can only argue about *how* to address that very problem (of kernel exploits), not about whether it *is* a problem. So, whether to use the "Security by Obscurity" approach (e.g. ASLR) or the "Security by Isolation" approach, which requires isolation of drivers (think VT-d). I guess we all know that "Security by Correctness" has not, and will not, work for kernel and driver code.

joanna.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor? Brad Spengler (Apr 01)
- Re: In defense of Mandatory Access Control, was Re: No more Novell AppArmor? Joanna Rutkowska (Apr 01)