[clug] Anti-Virus Software

Daniel Pittman daniel at rimspace.net
Thu Jun 24 21:55:34 MDT 2010


Paul Wayper <paulway at mabula.net> writes:
> On 06/25/2010 10:14 AM, Alex Satrapa wrote:
>> On 25/06/2010, at 08:55 , steve jenkin wrote:
>
>>> Apple iPhone could be fundamentally broken, and not even Apple would know.
>>
>> SELinux could be fundamentally broken, and no one would ever know.
>
> I'll just take issue with that there, thanks.
>
> You're saying "fundamentally broken", meaning that you're not just talking
> about some random bit of policy that doesn't quite protect what it should -
> you're talking about something that allows a specific user or command to
> bypass all security and execute malicious code.
>
> That, my friend, is pure grade A wrong.
>
> The source code is there.  If there was a fundamental break in the code it
> would be patently obvious to the huge number of security researchers that
> have pored over that code for the last ten years.

I hate to say it, but evidence to date — which is extremely limited — suggests
that you are wrong.  Back in the days of Multics, which was designed from day
one to include the same MAC model as SELinux, the system was attacked, and
access to the source for the original authors didn't help.

Not even the fact that they knew with absolute certainty that the tiger team
selected to attack the system had inserted vulnerabilities helped them locate
the issues.

See here: http://csrc.nist.gov/publications/history/karg74.pdf


...and before you say it, no, we have not substantially improved the situation
since 1974.


> The policies are open and checked - it would be easier to slip in a
> malicious policy than break SELinux, and no-one's yet managed to have a
> policy that was more wrong than allowing the possibility of something not
> working as intended.  The openness of the code and the policy and the
> development process behind it ensures that fundamental breaks cannot occur.

Sadly, they don't.  Even aside from the classic "Reflections on Trusting Trust", it
is absolutely possible for insecure code to be inserted because the level of
complexity is far, far beyond perfect analysis and understanding.

        Daniel
-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons

