SELinux

[Alan Cox]

> So, right now I do not need SELinux even if I "use a web browser to
> view more than a short list of trusted sites".

Of course flash, firefox, all the image libraries it uses and the font
libraries are perfect and never had a bug triggerable remotely - right ?

Nope.

Look for example the Dowd exploit of flash - SELinux blocked it, non
SELinux systems got 0wned. Ditto Mambo against Firefox. Dowd is also
interesting because it was designed and built as a cross platform exploit.

Alan