selinux eradicator?
Jim Cornette
fc-cornette at insight.rr.com
Fri Jun 29 11:14:59 UTC 2007
Mike McCarty wrote:
> Jim Cornette wrote:
>> Mike McCarty wrote:
>>
>>>
>>> A machine running current SELinux implementation is provably
>>> less secure in some senses than one which is not.
>>>
>>
>> From a very recent security update for httpd.
>>
>> Update Information:
>>
>> The Apache HTTP Server did not verify that a process was an
>
> [snip]
>
> And I gave a few examples where running SELinux caused
> the machine to be more vulnerable.
>
> [snip]
>
>> Just a passing example.
>
> Indeed. Just as passing as the ones I gave. Read what I
> wrote above. I put in "in some senses" for a reason.
I'll have to check out the info related to vulnerabilities. SELinux
seems to be more of a system for denials rather than privilege escalation.
>
> SELinux improves security in some senses, and reduces it
> in some other senses. It also unarguably makes administration
> of a machine more complex and involved. Whether the extra
> benefit be worth the extra complexity and vulnerabilities
> should be a personal decision at present.
No doubt the choice should be up to the person responsible for running
the computer.
> Mike
--
Interfere? Of course we should interfere! Always do what you're
best at, that's what I say.
-- Doctor Who