by wyager 3491 days ago
> There is no good reason to avoid implementing extended access controls when the greater security and control they provide is irrefutable.

Disagreed. MAC is a crutch and a hack, not a solution. We should prefer not to rely on half-assed, overcomplicated, and formally unverifiable palliative measures.

If you want security, you fundamentally must use secure software. No amount of sandboxing or access control wrapped around a vulnerable garbage heap is going to stop the garbage heap from getting hacked in the first place.


There were numerous examples of MAC, esp. SELinux, stopping vulnerabilities. There are also plenty of examples of bugs and vulnerabilities in software, with OpenBSD even fixing bugs regularly. The claim that one should reduce bugs and have damage limitation to reduce overall risk is rock solid, with proof in the field.

The refrain of OpenBSD supporters is, "It's not necessary and won't help..."

The reality in field deployments, "It was and did."

QED.

> There's also plenty of examples of bugs and vulnerabilities in software with OpenBSD even fixing bugs regularly.

As the OpenBSD devs will tell you, there have only been two known vulnerabilities in default OpenBSD installs in the history of OpenBSD. This strongly suggests that having decent software quality is an effective way to prevent vulnerabilities from existing in the first place.

> The refrain of OpenBSD supporters is, "It's not necessary and won't help..."

No, the refrain is "it's better to spend effort curing the disease than treating the symptoms". If we put half the effort we put into palliative defense measures into formal verification or doing things right the first time, I suspect it would be drastically more effective.

> As the OpenBSD devs will tell you, there have only been two known vulnerabilities in default OpenBSD installs in the history of OpenBSD. This strongly suggests that having decent software quality is an effective way to prevent vulnerabilities from existing in the first place.

I addressed that myth in my main comment. See here:

http://pastebin.com/6cW3FyJE

They just assess and count differently than most folks. ;)

> If we put half the effort we put into palliative defense measures into formal verification or doing things right the first time, I suspect it would be drastically more effective.

I agree, being on the side of high-assurance security. OpenBSD doesn't, so I don't know how your statement supports what they do. They systematically avoid formal verification like what you described, safer languages, coding styles for static analysis, etc. It's people from my side of things promoting or building on those. They just hunt bugs in C code by eye and hope their probabilistic mitigations always work. Totally different.