Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Secure is SELinux?

Posted by Cliff on from the living-up-to-the-hype dept.

cryptonix asks: "After reading this story on the latest release of SELinux, I wonder how secure it really is? Not that I question the NSA's knowhow in security related matters, but has there been any serious testing on it? What features would you like to see added and what aspects need improving?" The only way to really determine how secure something is, will be to put it out in the wild and see how well it stands up to the greatest test of all: time. SELinux probably hasn't had that much time out there yet, since isn't quite a year old yet, so it might be interesting to revisit this question in a couple of years. Until then, how has SELinux stood up to the personal testing of those of you out there who have used it?

3 of 7 comments (clear)

  1. the interface is the key by johnjones · · Score: 3, Insightful

    the secure interface into the kernel seems to be the key to providing a well thought out way of doing security

    if each module that wanted to do security a different way where to fashion its own way of interfacing then I think that only one way would end up having a chance

    They seem to be using a generic interface so all credit to them (they are useing Linux Security Module)

    SELinux came from the doing the same thing to Mach based systems (which is what HURD and Darwin is based on) so maybe the other projects could use this
    (I am sure that Apple would not mind being on the list of US guv approved secure OS)

    It seems that the NSA is actually Protecting U.S. citizens
    Something it sets out in its charter amazing that all those dollars go there and very few things come out of it.

    If I was a Citizen of the US I would write to my representative and commend the NSA on this project and put it in the spotlight (this often means that Projects get better funding and are less likely to disappear).

    Regards

    John Jones

  2. Your admin makes the difference by compwizrd · · Score: 3, Insightful

    As secure as your admin, unfortunately. Any OS can be compromised with enough stupid mistakes, and almost any OS can be secured with enough cluefulness.

    1. Re:Your admin makes the difference by The+Slashdolt · · Score: 3, Informative

      It's really not the String class that prevents buffer overflows in Java. It's the fact that array's are objects, and not pointers to blocks of memory. An array of any type has a member called length that can tell you how long it is. Any attempt to write beyond length will throw an ArrayIndexOutOfBounds Exception instead of just being able to stomp on adjacent memory areas.

      Also, in Java there are no pointers. You have references(similar but not the same). There is no way to point to memory directly, only objects.

      --
      mp3's are only for those with bad memories