So, as part of this quarter’s work, I am learning about SELinux. It really is very interesting to take an in-depth look at some of the finer points of Linux security as well as security in general. Now, it’s no secret that I’m a touch paranoid. As such, I’ve always taken a more-than-cursory interest in security topics. I compulsively patch those computers which I administer as well as keep on top of basic security enhancements like running Bastille to harden my systems. Recently, I have even taken interest in trying to lock things down within my own system exploring techniques such as access control lists (ACL) and maybe even an intrusion detection system (IDS). While the layered security model of the Unix-paradigm does a fairly good job of enforcing the principle of least privilege, there is certainly enough rope left over to hang yourself with. For example, if you are silly enough to execute some little script that contains malicious code, try as it may to frag your system, it will only be able to perform those actions that your user account is authorized to perform. Fortunately, this means that it can’t break your entire system but you can still munge everything in your home directory. If you ask me, that’s still unacceptable. In certain ways, it surprises me that security, while (usually) functioning exactly as intended, is less than it could be. After all, the Orange Book standards (now deprecated) were published in 1985 and compared to Windows and (to a lesser degree) Mac OSX, a properly configured Linux box is one of the most secure computing platforms in existence. However, in other ways, it’s not inconceivable that the security research in the lab would have a tough time making it into mainstream OS designs. Like anything else in the computing world, it’s all give and take. Still, I think that SELinux might be a good solution to some of the problems still facing us today. Only one question really remains: If SELinux is so good, why isn’t it more widely deployed and used?