SELinux
James McKenzie
jjmckenzie51 at earthlink.net
Thu Sep 2 02:17:34 UTC 2010
Takehiko Abe wrote:
>>> Just count the known incidents of such exploits. ZERO. No WMD.
>>>
Hmmm. Is that why we run it on our systems? Just for the record I
cannot discuss anything else, but believe me, the vulnerabilities and
their exploits do exist. There are vulnerabilities and exploits for
every operating system out there on the Internet. However, you are
correct in that there are no active Linux exploits. However, that does
not discount the folks who run Linux and use weak passwords on their
systems. SeLinux has 'saved their bacon' more than once. I don't walk
around with my guard down just because no one has been mugged in my
neighborhood. The same concept applies here. If you are in your home
with all of the doors locked and bolted, you won't get broken into, if
the neighboor has his front door wide open. Living on an island is sort
of what I'm doing with my Linux system, it is not connected nor
connectable to the Internet. My chances of being attacked are zero and
if I was, there would be no net gain for the attacker.
So that is the way it is. You can and did choose not to run SELinux.
That is your decision. If I go on-line with my Linux system, it will be
in permissive mode and that is my decision. I do agree that SELinux is
not the easiest thing to configure (I don't know if there is a GUI
interface and I would be pleasantly surprised if there is.) However,
reading man pages and deciphering them can be tricky. It is best to use
the configurations provided and extend them if needed.
And as to the 'strawman' comment, not needed, I had not read your
message completely and did not give myself enough comprehension time.
We do have the ability and necessity to disagree.
My apology from earlier stands to you and the most of all the list.
James McKenzie
More information about the users
mailing list