[Dailydave] In defense of Mandatory Access Control, was Re: No more Novell AppArmor?
Joanna Rutkowska
joanna at invisiblethingslab.com
Wed Apr 1 16:48:47 EDT 2009
Brad Spengler wrote:
> It is cool to be dismissive and aloof about "new" (9 year old)
> technologies. Otherwise you're just the SELinux version of the "year of
> Linux on the desktop!" guy. Regarding ineffectiveness (and specifically in
> regards to "proofs" and words such as "can't" and complexity/usability
> trade-offs) I won't repeat myself, since everything that needed to be
> said or demonstrated was done 2 years ago:
> http://lists.immunitysec.com/pipermail/dailydave/2007-March/004133.html
>
<cut>
Let me also point to Rafal's SELinux exploit from 2003(!):
http://www.nsa.gov/research/selinux/list-archive/0306/4468.shtml
...as well as his recent exercise in SELinux default policy bypassing on
Xenified FC8:
http://invisiblethingslab.com/resources/misc08/xenfb-adventures-10.pdf
These were not kernel exploits, but rather something taking advantage of an
overcomplexity of the system.
Of course, the main argument against all those SELinux-like-academic-systems is
kernel exploits, as pageexec and Brad correctly pointed out. I see that people
can only argue about *how* to address that very problem (of kernel exploits),
not about whether it *is* a problem.
So, whether to use "Security by Obscurity" approach (e.g. ASLR) or "Security by
Isolation" approach, that requires isolation of drivers (think VT-d). I guess we
all know that "Security by Correctness" has not, and will not work for kernel
and drivers code.
joanna.