Drawing lessons from fatal SELinux bug #1054350

Kevin Kofler kevin.kofler at chello.at
Fri Jan 24 01:34:08 UTC 2014


Eric Sandeen wrote:
> Sure, removing firewalls & selinux would be a serious enhancement
> of functionality.
> 
> For malware botnets & spam hosts, especially...

That would mean that all the distributions that do not enable SELinux (nor 
AppArmor) by default are all owned by botnets, not to mention the many 
people who disable those "features". Yet, the only machines that get hit are 
those that have not been updated for months if not years (often running 
ancient EOL distributions, but not even having the last updates provided for 
those). SELinux is by no means necessary to protect your machine (especially 
a firewalled non-server machine). The firewall can be of some use (and I'm 
not advocating dropping that by default), though ideally we shouldn't have 
servers trying to listen to non-local connections by default in the first 
place!

        Kevin Kofler


