[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090603172440.GA18561@oblivion.subreption.com>
Date: Wed, 3 Jun 2009 10:24:40 -0700
From: "Larry H." <research@...reption.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Rik van Riel <riel@...hat.com>,
Christoph Lameter <cl@...ux-foundation.org>,
Stephen Smalley <sds@...ho.nsa.gov>, linux-mm@...ck.org,
Alan Cox <alan@...rguk.ukuu.org.uk>,
linux-kernel@...r.kernel.org, pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
ZERO_SIZE_PTR to point at unmapped space)
On 09:47 Wed 03 Jun , Linus Torvalds wrote:
>
>
> On Wed, 3 Jun 2009, Rik van Riel wrote:
> >
> > Would anybody paranoid run their system without SELinux?
>
> You make two very fundamental mistakes.
>
> The first is to assume that this is about "paranoid" people. Security is
> _not_ about people who care deeply about security. It's about everybody.
> Look at viruses and DDoS attacks - the "paranoid" people absolutely depend
> on the _non_paranoid people being secure too!
>
> The other mistake is to think that SELinux is sane, or should be the
> default. It's a f*cking complex disaster, and makes performance plummet on
> some things. I turn it off, and I know lots of other sane people do too.
> So the !SElinux case really does need to work.
I'm finally glad we start finding points where we both agree. riel is
talking from the perspective of someone who deals with RHEL/Fedora... so
I could see his inclination towards SELinux over any other
possibilities.
But people without SELinux must be definitely taken care of, and kept
safe whenever possible, if technical circumstances allow this to happen.
Larry
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists