this post was submitted on 04 Sep 2024
18 points (71.4% liked)

Linux

47969 readers
1016 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

There has been a steady uptick of people stating that they will migrate (or already have) to Debian – seeking refuge from what they see as greedy corporate influence. I understand the sentiment fully. However, there’s a problem here that I want to talk about: security.

The ugly truth is that security is hard. It’s tedious. Unpleasant. And requires a lot of work to get right.

Debian does not do enough here to protect users.

Long ago, Red Hat embraced the usage of SELinux. And they took it beyond just enabling the feature in their kernel. They put in the arduous work of crafting default SELinux policies for their distribution.

...

However, its default security framework leaves much to be desired. Debian’s decision to enable AppArmor by default starting with version 10 signifies a positive step towards improved security, yet it falls short due to the half-baked implementation across the system.

...

The fundamental difference between AppArmor and SELinux lies in their approach to Mandatory Access Control (MAC). AppArmor operates on a path-based model, while SELinux employs a significantly more complex type enforcement system. This distinction becomes particularly evident in container environments.

...

The practical implications of these differences are significant. In a SELinux environment, a compromised container faces substantial hurdles in accessing or affecting the host system or other containers, thanks to the dual barriers of type enforcement and MCS labels.

TLDR: According to the author, Debian's use of AppArmour is not as effective as RedHat's use of SELinux when it comes to security.

top 17 comments
sorted by: hot top controversial new old
[–] [email protected] 37 points 1 month ago (2 children)

And it's not. SELinux is much more secure, however much more complex. Although AppArmor also do the job, despite being easier to workaround it. But I don't think this is a good argument against Debian.

[–] [email protected] 3 points 1 month ago

The main argument is, the number of Debian's Apparmor policies is not comparable to RHEL's SELinux policies.

[–] [email protected] -1 points 1 month ago

This sounds more like it comes from this persons beliefs and bias than hard evidence. Debian can be slow to patch vulnerabilities but they aren't oblivious to security.

[–] [email protected] 35 points 1 month ago* (last edited 1 month ago) (1 children)

What does an ordinary RHEL admin do when something does not work?

answersetenforce 0

[–] [email protected] 9 points 1 month ago
sudo systemctl disable firewalld
[–] [email protected] 16 points 1 month ago (2 children)

Ok, aside from Android, I've yet to see any serious usage of SELinux in the real world and I've been working on cloud tech for years. Acknowledged issues such as complexity aside, it's really just that much less relevant in a modern, single purpose environment such as Docker/kubernetes/cloud functions/etc

[–] [email protected] 12 points 1 month ago

I've yet to see any serious usage of SELinux in the real world

I too have successfully avoided it, but we must acknowledge that not everyone has been so fortunate.

[–] [email protected] -1 points 1 month ago

You need SElinux to lock down a system

[–] [email protected] 10 points 1 month ago (1 children)

The threat model seems a bit like fearmongering. Sure, if your container gets breached and attacker can (on some occasions) break out of it, it's a big deal. But how likely that really is? And even if that would happen isn't the data in the containers far more valuable than the base infrastructure under it on almost all cases?

I'm not arguing against SELinux/AppArmor comparison, SElinux can be more secure, assuming it's configured properly, but there's quite a few steps on hardening the system before that. And as others have mentioned, neither of those are really widely adopted and I'd argue that when you design your setup properly from the ground up you really don't need neither, at least unless the breach happens from some obscure 0-day or other bug.

For the majority of data leaks and other breaches that's almost never the reason. If your CRM or ecommerce software has a bug (or misconfiguration or a ton of other options) which allows dumping everyones data out of the database, SElinux wouldn't save you.

Security is hard indeed, but that's a bit odd corner to look at it from, and it doesn't have anything to do with Debian or RHEL.

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago)

Debian can be a little slow patching things. However, like you said that's probably not an issue. The biggest risk are large software packages like the Linux kernel and Chromium.

[–] [email protected] 7 points 1 month ago (2 children)

You do know that you can run SELinux on Debian right?

And MAC isn't the end-all for security arguments

[–] [email protected] 7 points 1 month ago (1 children)

Are the default policies good though? There's some collaboration between Fedora and Tumbleweed for SELinux policies, I imagine even more now since Tumbleweed plans to move to SELinux in the near future and derivatives like Aeon are already using SELinux.

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago)

It depends on how you set it up and what software you are running.

Use the defaults as a starting point and then move on from there

[–] [email protected] 0 points 1 month ago

You can lock it down really hard if you want to. Debian's relatively simple design makes it so there are a lot less moving parts in my experience.

[–] [email protected] 4 points 1 month ago

The author is talking about the server use-case here but it’s not any better for desktops either. I think it boils down to the fact that neither of these operating systems are designed for a single-user world like Android (or any other modern mobile OS) and so these security solutions are shoehorned into a world where they don’t really fit into. Because those (server or desktop) programmes have different set of expectations about what’s available to them, than say, an Android app that knows that it has to ask for permission first.

[–] [email protected] 3 points 1 month ago

I use Debian in Qubes. Checkmate.

[–] [email protected] 0 points 1 month ago* (last edited 1 month ago)

Everything has security issues. That's a good thing as it means there are people finding things. I do wish Debian was a little faster on patching things but I also understand that they have a limited number of people. There are thousands on packages and a large amount of new security vulnerabilities. Patching takes man power and they only have so much to go around.

Debian isn't this security mess like this person makes it sound. They can be slow on patches but the reality is a lot of these vulnerabilities aren't getting readily exploited in the wild. Just keep up with the security tracker and follow basic security practices such as least privilege and security in depth.