
Do We Really Need Layered Security For Single User Computers?


I have a subscription to user support in the Fedora users mailing list. I came across a thread about SELinux. SELinux is the mandatory access control (MAC) security layer implemented in Fedora and Red Hat Enterprise Linux. Ubuntu (and also openSUSE) implements MAC through AppArmor.

From:  Andrew R Paterson <andy.paterson@ntlworld.com>
> File system permissions require at least basic knowledge and
> administration.  Most of the people I installed Linux for don't even
> know what they're good for.

> If your computer is single-user anyway, why does it need a security
> subsystem?


> *eyeroll*
Having watched this debate I find I must add my own 10c
I have spent over 30 years working on unix systems starting with xenix, bsd 
and ending up with linux .....
We survived quite happily using the well known DAC methods of standard UNIX.
(UGO - RWX - setuid etc).
Then I worked on some military systems (high security stuff) and started to use 
SOLARIS CMW (Compartmentalised Mode Workstation) and DEC MLS (Multi-Level-
Security).
These both use the same (probably not as up to date) MAC security via 
labelling as (I guess) selinux.
I can truthfully say I loved UNIX in all its forms until coming across CMW & 
MLS and now SELINUX - then basically - I wanted OUT!.
They are horrendous; if you start to use labelling in earnest - absolutely 
suicidal!!! - unless you have a real motive - ie you work for the security 
services or a bank or something  and have a massive amount of time to devote.
Why do the selinux guys have to force MAC onto all linux users - even 
hobbyists?
It's getting like some kind of religion!

May I add that MAC is implemented differently in Ubuntu. Only *some* critical processes are protected. Layered security helps to protect our computer from zero-day attacks. It makes it less susceptible to system-wide malware attacks.
--
Use my PGP key if you want to encrypt your replies/messages to me. You are invited to also send me your PGP keys so we can communicate in private.




