Skip to main content

Do We Really Need Layered Security For Single User Computers?


I have a subscription to user support in the fedora users mail list. I came across a thread about SElinux. Selinux is the mandatory access control security layer implemented in fedora and Red Hat Enterprise linux. In Ubuntu (also in OpenSuse) they implement MAC through Apparmor.

From:  Andrew R Paterson <andy.paterson@ntlworld.com>
File system permissions require at least basic knowledge and
> administration.  Most of the people I installed Linux for don't even
> know what they're good for.

> If your computer is single-user anyway, why does it need a security
> subsystem?


> *eyeroll*
Having watched this debate I find I must add my own 10c
I have spent over 30 years working on unix systems starting with xenix, bsd 
and ending up with linux .....
We survived quite happily using the well known DAC methods of standard UNIX.
(UGO - RWX - setuid etc).
Then I worked on some military systems (high security stuff) and started to use 
SOLARIS CMW (Compartentalised Mode Workstation) and DEC MLS (Multi-Level-
Security).
These both use the same (probably not as up to date) MAC security via 
labelling as (I guess) selinux.
I can truthfully say I loved UNIX in all its forms until coming across CMW & 
MLS and now SELINUX - then basically - I wanted OUT!.
They are horrendous; if you start to use labelling in earnest - absolutely 
suicidal!!! - unless you have a real motive - ie you work for the security 
services or a bank or something  and have a massive amount of time to devote.
Why do the selinux guys have to force MAC onto all linux users - even 
hobbyists?
Its getting like some kind of religion!

May I add that MAC is implemented differently in Ubuntu. Only *some* critical processes are protected. Layered security helps to protect our computer from zero-day attacks. It makes it less susceptible to system-wide malware attacks.
--
Use my PGP key if you want to encrypt your replies/messages to me. You are invited to also send me your PGP keys so we can communicate in private.




--
Use my PGP key if you want to encrypt your replies/messages to me. You are invited to also send me your PGP keys so we can communicate in private.

Comments

Post a Comment

Popular posts from this blog

ZFS Unable to System Snapshot, bpool is Full?

I first encountered the problem after a routine update / upgrade of the system. Well there was a kernel upgrade and I have not checked how many old kernels are still left for backups in /boot. Apparently, there was a few and the partition is 85% full. Every software update included a warning because of the restriction in disk space. Also, zfs could not create snapshots. It is also full. This is not very clear to me. Snapshots were suppose to be diff copies so why would it take up a large space. Most of the snapshots are less than 2MB. Or 0MB. Another problem that popped up is the constant freezing of Rhythmbox. I don't know if the config files are corrupted. The CPU cycles from one to the next. Peaks for 5-6 seconds then on to the next CPU. This forced me to download Clementine and Audacious. But both applications do not find the zfs pool or don't show the zfs structure. Why not? My final solution is to reinstall Rhythmbox via snaps. I re-scanned the music libr
Post a Comment
Read more

Renter's ID and Business Licensing 2023

Last year's business permit application involved an undertaking of submitting lessee list to the Barangay in order to get them ID's including one for the lessor himself. I received a letter of notification just before New Year's Day. It informed me that I might be denied renewal of permits because I did not comply with this undertaking. So the Renter's ID is a serious thing now. When I went ahead and applied for a business permit renewal at the local government office everything went well except they want my list of lessee. So I had to backtrack and go to the Barangay and submit the list. They produced the ID's and I provided the photo ID's and of course have it signed by the lessee. After that, they pointed me to the cashier to pay the taxes and permit fees which totaled php15,305.00 ($280.33) During the payment of Fire and Safety department, they reminded me to bring my fire extinguisher official receipts of payment. I can pick up my new pe
Post a Comment
Read more

Check rkhunter warnings For Deleted Files

logfile- /var/log/rkhunter.log starts [partial starts] [19:18:58] Info: Starting test name 'malware' [19:18:58] Performing malware checks [19:18:58] [19:18:58] Info: Starting test name 'deleted_files' [19:19:35]   Checking running processes for deleted files    [ Warning ] [19:19:35] Warning: The following processes are using deleted files: [19:19:35]          Process: /usr/bin/pulseaudio    PID: 784    File: /memfd:pulseaudio [19:19:35]          Process: /usr/bin/gnome-shell    PID: 1151    File: /tmp/mutter-shared-67ER4Y [19:19:35]          Process: /usr/bin/pulseaudio    PID: 1173    File: /memfd:pulseaudio [19:19:35]          Process: /usr/lib/evolution-data-server/evolution-source-registry    PID: 1194    File: /home/donato/.local/share/gvfs-metadata/home [19:19:35]          Process: /usr/bin/python2.7    PID: 1472    File: /tmp/vteZY4V4Y [19:19:35]          Process: /usr/bin/megasync    PID: 1484    File: /run/user/1000/wayland-cursor-shared-t6KVCM [19:19:35]    
Post a Comment
Read more