SELinux removed from desktop cd spin?
Benjamin Kreuter
ben.kreuter at gmail.com
Thu Jan 17 15:08:57 UTC 2008
On Thursday 17 January 2008 09:53:59 Valent Turkovic wrote:
> Are you actually saying that SELinux is security silver bullet?
> If you know anything about security you know that there is no silver
> bullet in security is it always a trade off in usability vs. security.
>
Which we try to mitigate with "permissive" mode.
> A quick googleing showed that security experts see SELinux like a
> backdor and as a problem just waiting to happed, and they suggest
> UNINSTALLING SElinux!
An even quicker search on Google reveals that RHEL5 with SELinux enabled and
in enforcing mode has top security marks from the NSA, rivaled only by
TrustedSolaris 10.
> "As a final note, I follow the logic of the grsecurity team, who claim
> that LSM and SELinux are backdoors waiting to happen."
>
Any program that provides security is a backdoor waiting to happen. What is
your point? SELinux is meant to secure common exploits in other programs,
such as Apache trying to write to /etc/passwd. Could SELinux be vulnerable?
Sure. So could your keyboard driver.
-- Benjamin Kreuter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20080117/1bc01600/attachment-0002.bin
More information about the devel
mailing list