[clug] My windows box got rooted last week... how at risk is Linux? [SEC=UNCLASSIFIED]

Rousak, Boris Boris.Rousak at innovation.gov.au
Thu Jun 12 23:23:32 GMT 2008


Slightly OT :) but...

after such a great recommendation of SELinux, could you (and/or the
collective mind) recommend any good books or URLs on it? And by good I mean
books that do more than just say "this is what an SELinux policy looks
like, feel free to modify it to your needs".

Cheers,
Boris

-----Original Message-----
From: linux-bounces+boris.rousak=innovation.gov.au at lists.samba.org
[mailto:linux-bounces+boris.rousak=innovation.gov.au at lists.samba.org] On
Behalf Of Paul Wayper
Sent: Thursday, 12 June 2008 5:19 PM
To: CLUG List
Subject: Re: [clug] My windows box got rooted last week... how at risk
is Linux?

Daniel Pittman wrote:
|> While linux in general is less insecure than windows, I believe it is
|> entirely possible to configure a linux box so it is secure, really
|> really secure, using SELinux or App Armour etc.  Mind you, I've never
|> known anyone who actually did it successfully though ;-)
|
| What, Mandatory Access Control systems being hard?  Say it ain't so.
| ;)
|
| Seriously, those MAC modules don't actually add /that/ much security
| in many cases; the issues they protect against are bypassed by the
| exploits.

Well, that's certainly not my experience of SELinux, for example.  I've
seen a number of attempts to subvert my web server when I was at ANU,
and each time they would have fallen afoul of the system's SELinux
Apache policy of not allowing execution of a binary from the /tmp
directory.  And there were no intersections of the set of places that
Apache could write to and the set of places that got the
httpd_sys_script_exec_t type automatically.  Even then, they would have
hit the rule not allowing outgoing network connections.  Of course,
inbound connections were handled by my iptables policy.  So short of me
doing something stupid with my access policies or someone finding a flaw
in SELinux, it was secure.

Which does mean that you have to understand SELinux policies in order to
get that security.  But then the same goes for any security system.

Chris, do you think I should give a talk on a beginner's guide to
working with SELinux?

|> Unless you have a really good reason, put a firewall between the
|> machine and the internet.  That goes quadruple for windows boxes.
|
| This makes very little security difference if your exposure is due to
| a kernel IP level bug, or to a service that you expose to the
| Internet.
|
| It also leads to a much more significant risk that your "crunchy on
| the outside, soft in the middle" infrastructure will be compromised
| the moment someone walks an infected laptop into the building.

Well, I'd agree with that.  Some people look at me funny when I say that
I still have SELinux enabled on all my home machines, including my
MythTV machine.  But then I have MythWeb installed and occasionally
allow friends onto my WiFi network, so it makes good sense to me.  And
why disable something that's going to protect you if it's not getting in
your way - or if you can make what you want to do fit within its
protection?

However, I'd point out that the risk of a "kernel IP level bug" or
similar Linux system-wide vulnerability is vanishingly small, both in
terms of the numbers of physical attacks seen on the Internet and in
terms of the scrutiny of the code.  The last kernel exploit required the
attacker to take advantage of a very specific set of circumstances that
was vanishingly hard to reproduce without physical access to the
machine.  In these terms you are more likely to have your machine hacked
by someone physically being on it and doing something stupid than you
are to get a remote attack that succeeds.  So while it's good to be
honest - that no security system is foolproof or totally secure - it's
also important to not engage in "Security Theatre" and blow the risks
out of proportion.

Overall, there's a lot of evidence that, while not totally secure, Linux
in the hands of an average person is much more secure than a Windows
machine in the same user's hands.  In the hands of someone who knows
what they're doing, both OSes are pretty resilient, but that's hardly
the most common scenario.

Have fun,

Paul
--
linux mailing list
linux at lists.samba.org
https://lists.samba.org/mailman/listinfo/linux
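As an added illustration (not code from either poster): Paul's Apache policy rests on two properties, no outbound connections for httpd and an empty intersection between the paths Apache can write to and the paths labelled httpd_sys_script_exec_t. The script below checks both from text in the format of `getsebool -a` and `semanage fcontext -l`; the sample lines are constructed here, and the assumed listing format is that of a Fedora/RHEL box rather than anything stated in the thread.

```python
"""Offline check of the two Apache/SELinux properties Paul describes.
Assumed inputs (constructed here, not from the thread): text in the
format of `getsebool -a` and `semanage fcontext -l` on a Fedora/RHEL box."""
import re

SAMPLE_BOOLEANS = """\
httpd_can_network_connect --> off
httpd_enable_cgi --> on
"""  # constructed `getsebool -a` sample

SAMPLE_FCONTEXT = """\
/var/www(/.*)?                 all files  system_u:object_r:httpd_sys_content_t:s0
/var/www/cgi-bin(/.*)?         all files  system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/html/uploads(/.*)?    all files  system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/cgi-bin/uploads(/.*)? all files  system_u:object_r:httpd_sys_rw_content_t:s0
"""  # constructed `semanage fcontext -l` sample; the last rule is the bad one

WRITABLE = {"httpd_sys_rw_content_t", "httpd_sys_ra_content_t"}
EXECUTABLE = {"httpd_sys_script_exec_t"}


def parse_booleans(text):
    """Map boolean name -> bool from `name --> on|off` lines."""
    found = re.findall(r"^(\S+)\s+-->\s+(on|off)", text, re.M)
    return {name: state == "on" for name, state in found}


def parse_fcontext(text):
    """Yield (path_regex, selinux_type) from `semanage fcontext -l` lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[-1].count(":") == 3:
            yield parts[0], parts[-1].split(":")[2]


def writable_exec_overlap(text):
    """Writable labelling rules whose literal prefix also falls under an
    exec rule: the intersection Paul's policy kept empty."""
    rules = list(parse_fcontext(text))
    exec_res = [re.compile(p) for p, t in rules if t in EXECUTABLE]
    return sorted(p for p, t in rules if t in WRITABLE
                  and any(r.fullmatch(p.split("(")[0]) for r in exec_res))


def audit(bool_text, fcontext_text):
    """Return findings; an empty list means both properties hold."""
    findings = []
    if parse_booleans(bool_text).get("httpd_can_network_connect", False):
        findings.append("httpd_can_network_connect is on: outbound allowed")
    for path in writable_exec_overlap(fcontext_text):
        findings.append("writable path under exec rule: " + path)
    return findings
```

On a live system the same functions can be fed the real output of the two commands; a non-empty result from `audit` is exactly the overlap Paul's policy avoided.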
