Wandering Thoughts archives

2013-06-04

SELinux's toxic mistake

Okay, it's not SELinux's (the technology's) mistake. It's the mistake of people who support SELinux, what outsiders see as the SELinux community. From an outside perspective it's basically the same thing. The toxic mistake is this:

Seriously, stop disabling SELinux. Learn how to use it before you blindly shut it off.

(via, which is another illustration of this, from @jordansissel.)

Let me translate this: 'the beatings will continue until morale improves'.

When people say 'this security tool is too hard to use, gets in my way, and isn't giving me any real benefits', telling them 'it's great if you only spend more time learning how to deal with it' is doubling down on your problems. If you then compound things by telling people that they are just stupid and lazy, don't be surprised if they immediately tune you out because you're acting like a zealot (you may or may not be one, it doesn't matter to people).

It's been apparent for years that SELinux had serious problems in real life (regardless of what the theory says). For example, it's widely considered standard practice to disable SELinux immediately on server installs (as mentioned in the Twitter thread I got this from). The reason people reject SELinux in its current state is pretty simple: security is not their top priority. Unless you are a high risk target, spending almost any time beating SELinux into shape on your machine is a bad tradeoff and pretty much a waste (partly because SELinux is just a backup).

(If SELinux works when you don't touch anything you might as well leave it on, but turning it off the moment it costs you any time is a perfectly rational reaction. So is turning it off immediately so that it can't waste your time.)

In the face of this, for the SELinux community to feel that people are stupid, lazy, or ignorant for not jumping through the magic SELinux hoops and all would be well in the world if only they would mend their woeful ways is breathtakingly stupid and counterproductive. At a stroke it sabotages almost any chance SELinux might have to actually make meaningful improvements. Not that such improvements would be easy even if the SELinux community listened to what the world was telling them (because it's a hard problem), but if the community did listen they might at least have some sort of chance.

(Not that this sort of blindness is new in security or in general.)

(What I think the SELinux community should be doing is a sufficiently large issue that it doesn't fit in the margins of this entry. Of course it's an open question if SELinux can be saved or is worth saving in general given its origins; I think there's a real argument that SELinux's security model simply does not meet people's real security needs by design.)

linux/SELinuxToxicMistake written at 01:58:50;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.