The Washington Post published an article today which describes the ongoing tension between the security community and Linux kernel developers. This has been roundly denounced as FUD, with Rob Graham going so far as to claim that nobody ever attacks the kernel.
Unfortunately he's entirely and demonstrably wrong, it's not FUD and the state of security in the kernel is currently far short of where it should be.
[Here is] an example. Recent versions of Android use SELinux to confine applications. Even if you have full control over an application running on Android, the SELinux rules make it very difficult to do anything especially user-hostile. Hacking Team, the GPL-violating Italian company who sells surveillance software to human rights abusers, found that this impeded their ability to drop their spyware onto targets' devices. So they took advantage of the fact that many Android devices shipped a kernel with a flawed copy_from_user() implementation that allowed them to copy arbitrary userspace data over arbitrary kernel code, thus allowing them to disable SELinux.
(Score: 3, Interesting) by Gaaark on Thursday November 12 2015, @01:07AM
Can you (or anyone else) tell me how hard life would get using an SELinux kernel?
To print, do you need a password?
To play a movie, do you need a password?
To install a program, would you need to input multiple password requests?
*How does SELinux make your life harder?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1, Interesting) by Anonymous Coward on Thursday November 12 2015, @01:12AM
SELinux's usability, illustrated once again [utoronto.ca]
(Score: 4, Informative) by frojack on Thursday November 12 2015, @08:12AM
Set up right, it doesn't make life harder at all.
It just allows you to do the things you are allowed to do, and stops you from doing the things you aren't supposed to do.
Its a much finer grained permissions system. I suggest some basic reading: http://www.cyberciti.biz/faq/what-is-selinux/ [cyberciti.biz]
https://en.wikipedia.org/wiki/Security-Enhanced_Linux [wikipedia.org]
No, you are mistaken. I've always had this sig.
(Score: 2) by Gaaark on Thursday November 12 2015, @10:43AM
Thanks.... now to do some reading.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---