From: "Ted Mittelstaedt"
To: "Albert D. Cahalan"
Subject: RE: Ask a question.. Thanks..
Date: Fri, 22 Jun 2001 00:13:50 -0700
Message-ID: <005701c0faea$e3433e20$1401a8c0@tedm.placo.com>
In-Reply-To: <200106220602.f5M62MG421878@saturn.cs.uml.edu>
Sender: owner-freebsd-advocacy@FreeBSD.ORG

>-----Original Message-----
>From: owner-freebsd-advocacy@FreeBSD.ORG
>[mailto:owner-freebsd-advocacy@FreeBSD.ORG]On Behalf Of Albert D.
>Cahalan
>

[some deleted]

>The seLinux box is full of holes, and everybody knows it.
>They have wu-FTPd even. So the attacker gets root, but

[more deleted]

>
>Think about it this way: do you build a huge oil tanker ship
>with one strong hull (OpenBSD style) or do you build it with
>a double hull and many separate compartments inside (seLinux
>style) to make sure a single hole won't dump out all the oil?
>

I wouldn't build a ship with a double hull and many separate compartments inside that was full of holes that everyone knew about.

While it seems that compartmentalizing is more secure, the security of ANY box is only as good as the administrator in charge of it. There's an old saying, KISS (Keep It Simple Stupid), and I would be real concerned about a box that had "security" customizations to the level you describe. It seems more like an auditing nightmare.

While the big-strong-hull that's hard to puncture might let all the oil out, there's only one hull you have to inspect. The double-hulled one with the compartments is just multiplying the surfaces requiring inspection by ten times or greater, plus all that metal on the inside carries a great deal of weight and has attachment points on - you guessed it - the outer hull. Give it enough time and metal fatigue is going to be ripping holes in some of the weirdest and most unexpected spots.

Plus, with the big hull, once there's a hole in it you can get to it immediately and patch it with little interference. With the honeycomb ship you're going to be spending hours and hours getting through compartment after compartment to reach the area of impact.

I hope the level of silliness in this analogy has you smiling by now; hopefully you can see what I mean. There are strengths to both approaches.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com