Friday, August 18. 2006
But our security goes to 11!
I just read another story today where Novell claims AppArmor is easier than SELinux, therefore SELinux sucks:
http://www.securityfocus.com/brief/284
I admit I'm growing tired of this argument and wish they had a different one. First we should get a few things strainght:
Hard things aren't always bad.
Easy things aren't always good.
My favorite example is a bank vault versus a screen door. A bank vault is hard to install, hard to open (legally or otherwise), but is very secure. A screen door is rather easy to open, install, and fairly insecure. If you had a big pile of money, would you rather keep it safe with a screen door, or a bank vault? While I won't speak for everyone, I personally prefer to entrust my money to a bank.
Another amusing analogy might be to claim that BASIC is a "better" language than C since BASIC is easier than C
We are offered a glimpse into one of the ways AppArmor is supposed to be considerably easier than SELinux in this message:
http://archives.neohapsis.com/archives/sf/www-mobile/2006-q2/0007.html
AppArmor comes with a tool that can investigate what a running program is doing and create a policy based of that. In theory this sounds great, but it's not without problem. The example policy is for Thunderbird (a mail client for those of you who don't know).
The important bit here is this:
Thatt means that for some reason AppArmor has decided that a client side mail client needs the ability to switch to the superuser (root). It's likely the result of a bug in Thunderbird. I don't disagree that tools can help make things easier, but it's rather misleading to claim your tools are something they are not. Whenever a policy is tool-generated in this manner, it will require a knowledgeable engineer to interpret the outcome.
I won't say SELinux is perfect, but I think it's the correct approach for a hard problem. I would much rather see a comparison of SELinux versus AppArmor based on technical merit instead of marketing jibberish.
http://www.securityfocus.com/brief/284
I admit I'm growing tired of this argument and wish they had a different one. First we should get a few things strainght:
Hard things aren't always bad.
Easy things aren't always good.
My favorite example is a bank vault versus a screen door. A bank vault is hard to install, hard to open (legally or otherwise), but is very secure. A screen door is rather easy to open, install, and fairly insecure. If you had a big pile of money, would you rather keep it safe with a screen door, or a bank vault? While I won't speak for everyone, I personally prefer to entrust my money to a bank.
Another amusing analogy might be to claim that BASIC is a "better" language than C since BASIC is easier than C
We are offered a glimpse into one of the ways AppArmor is supposed to be considerably easier than SELinux in this message:
http://archives.neohapsis.com/archives/sf/www-mobile/2006-q2/0007.html
AppArmor comes with a tool that can investigate what a running program is doing and create a policy based of that. In theory this sounds great, but it's not without problem. The example policy is for Thunderbird (a mail client for those of you who don't know).
The important bit here is this:
capability ipc_lock,
capability setuid,
Thatt means that for some reason AppArmor has decided that a client side mail client needs the ability to switch to the superuser (root). It's likely the result of a bug in Thunderbird. I don't disagree that tools can help make things easier, but it's rather misleading to claim your tools are something they are not. Whenever a policy is tool-generated in this manner, it will require a knowledgeable engineer to interpret the outcome.
I won't say SELinux is perfect, but I think it's the correct approach for a hard problem. I would much rather see a comparison of SELinux versus AppArmor based on technical merit instead of marketing jibberish.
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I'll try to respond to this in detail when I have time but in the meantime you might be interested in my blog articles at:
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-path-based-access-control/
and
http://securityblog.org/brindle/2006/03/25/security-anti-pattern-status-quo-encapsulation/
Its nice to see someone outside the SELinux community starting to talk this way, thanks
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-path-based-access-control/
and
http://securityblog.org/brindle/2006/03/25/security-anti-pattern-status-quo-encapsulation/
Its nice to see someone outside the SELinux community starting to talk this way, thanks
But a bank vault isn't hard to use, or to grasp the concept of ('it's a big box you can lock'). There is a lot to be said for comprehesibility, especially in the security field.
Well the trackback didn't seem to work so here is my response to this:
http://securityblog.org/brindle/2006/08/20/on-apparmor/
http://securityblog.org/brindle/2006/08/20/on-apparmor/
Instead of a big metal door, I would say that selinux is more like a moat filled with sharks with frigging laser attached head gear.
Calendar
|
May '13 | |||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Quicksearch
Archives
Categories
Syndicate This Blog
Blog Administration
Powered by
