Red Hat Seeks to Deliver Most Secure Linux
Jack writes "ITO is running a story on Red Hat's plan to become the most secure Linux platform. From the article: 'Red Hat officially joined The National Information Assurance Partnership to bring an improved level of security and assurance to Linux. This means that the next version of Red Hat Enterprise Linux will contain kernel and Security Enhanced Linux policy enhancements, developed by IBM, Red Hat, TCS, NSA and the community.'"
Or does this sound just like m$, and their constant rant about security, increasing security, and more security... when all the while security is just non-existent (at least with m$)?
FragHARD or don't frag at all
Here's a simple task that you CAN'T do with SELinux: set up Apache and Samba so that Apache's html directory is shared using Samba. Should be simple, right? Bzzt. Wrong answer. You will have to either turn off SELinux for Samba or for Apache; you can't protect both because they need to access the same files. From what I've seen, most people just turn SELinux off.
Now, from a theoretical security standpoint this totally makes sense - you can't guarantee complete isolation between two apps if both access the same set of files and one of them can write. However, in the real world this is a nightmare. SELinux folks rightfully refuse to fix this - they've created SELinux for an entirely different purpose - to build verifiably secure systems, even if they can't run Apache on them.
What Linux needs is a proper ACL implementation à la Windows (don't laugh - they have a really good one) or Mac OS X.