Thank you, unknown genius!
Les Mikesell
lesmikesell at gmail.com
Wed Apr 9 21:52:52 UTC 2008
Craig White wrote:
>
> Bruno is noting that the current methods of exploitation tend to be web
> pages, flash, java, media files and a firewall isn't going to be of much
> help with this type of intrusion but selinux clearly could be a layer of
> use here.
Does it actually prevent browser plugins from doing things that the
running user can't do in the default configuration?
> Yes, disabling SELinux is certainly always possible, and in fact quite
> easy to do but that doesn't mean that it's the best choice possible.
On the other hand, if you have a limited amount of time it might be
better spent getting the simple layers right than on learning a complex
add-on layer that is still new enough that you can expect bugs.
--
Les Mikesell
lesmikesell at gmail.com
More information about the users
mailing list