One of the biggest complaints people have about SELinux is the lack of documentation. Indeed, we had a nice group discussion with some users at Linux Plumbers Conference who once again brought this to our attention. The reason is simple. Most of us working on SELinux are developers. We don’t like writing documentation. We’d rather write blog entries explaining some aspect of SELinux instead of real documents. While this works when your primary audience is knowledgeable enough to find the blog entries, figure out how to apply the concepts to their problems and connect all the dots between here and there, it isn’t useful for new users or users trying to solve a simple problem.
For those who haven’t seen this, it is good news for everyone, I think. Basically it means that the company that I work for, Tresys Technology, which has considerable security engineering experience and knowledge, now has the ability to reach people who need those services, through Red Hat’s services division. Up until now we have done primarily government work, so we’ve been somewhat out of touch with the needs of commercial Linux users, many of whom need security expertise to meet regulations or to protect their customers’ privacy.
So, stackoverflow.com was released to public beta pretty recently and I must say I’m impressed. It looks like a great place to go to get tough programming (and other) questions answered. So, in order to give it a spin, I posted the question “Do you disable SELinux?” It didn’t get nearly as many answers as “What’s your favorite ‘programmer’ cartoon” but I did get mostly good feedback. It seems like the audience on stackoverflow, in general, has seen the positive progress of SELinux, and many have chosen to keep it enabled (or even write policies and make it work for them).
I’m in the process of moving my server from an ancient decrepit Gentoo install to a shiny new Ubuntu Hardy install with SELinux enabled.
Securing web browsers has always been a little tricky. With so many web applications available today, including corporate intranet sites, email and so on, with confidential or proprietary information, it is always a bit troublesome that web browsers essentially run in one security domain. The last thing I want is for a teller at my bank to go to some site that ends up getting bank info from another tab.
This article was requested, and was a long time coming anyway. I’ve gone over Multi-Level Security (MLS) a little bit before. It’s basically a security policy that is implemented by many trusted operating systems (such as Trusted Solaris) that is hierarchical and inflexible by nature. Specifically, Bell-LaPadula (BLP) is used by many operating systems because it reflects the real-world security policy used by the government and military. In BLP, subjects and objects have a label consisting of a level (Secret, Top Secret, Unclassified, etc.) and a set of non-hierarchical categories (US Only, Army, etc.).
Recently I was looking around for a piece of software and I thought to myself, “I need something with a more liberal license than the GPL”. Then I thought, “Wait, is liberal the right word there? Hrm”… So what do you guys think?
No, seriously. I’m not trying to be ironic because the title of my blog is “Brindle on Security”, which I should probably change to something more creative anyway. During my tenure at Gentoo, running the Hardened Gentoo project, the most common question by far was “How do I secure my system?” Warning, this article may contain some flamebait, avoid it if you can’t resist flaming back. Eventually we gave up and just pointed people to websites; perhaps this post can serve as that page. The answer was “What do you mean ‘secure’ your system?” Security isn’t, and can’t be, a goal by itself. You need to know what exactly you are trying to protect yourself against, your threat model, as it were.
Now that Blu-Ray has all but won the HD format war I guess it’s a little late to post this but oh well, I’ll do it anyway. Disclaimer: I am an HDDVD owner but this post is not a result of bitterness about my chosen format losing. The reason I’m posting here about (among others) is the actual reason I chose HDDVD. I also don’t want to talk about the pros and cons of DRM or whether the DRM has been cracked and is accessible via other means. I am going to talk about the intentions of the format producers and what it means to consumers.
I just got a comment on my post about path based access control that was fairly startling to me. The more I thought about it, though, the more I thought maybe others shared the beliefs, so I’m going to respond to it here. inode-based security has analogous problems to path-based security. Software opens paths, not inodes, so it very much matters what the permissions are for the file at /etc/shadow or /var/data/mydb, regardless of what the inode happens to be.