James McKenzie jjmckenzie51 at
Thu Sep 2 02:17:34 UTC 2010

Takehiko Abe wrote:
>>> Just count the known incidents of such exploits. ZERO. No WMD.
Hmmm.  Is that why we run it on our systems?  Just for the record I 
cannot discuss anything else, but believe me, the vulnerabilities and 
their exploits do exist.  There are vulnerabilities and exploits for 
every operating system out there on the Internet.  However, you are 
correct in that there are no active Linux exploits.  However, that does 
not discount the folks who run Linux and use weak passwords on their 
systems.  SeLinux has 'saved their bacon' more than once.  I don't walk 
around with my guard down just because no one has been mugged in my 
neighborhood.  The same concept applies here.  If you are in your home 
with all of the doors locked and bolted, you won't get broken into, if 
the neighboor has his front door wide open.  Living on an island is sort 
of what I'm doing with my Linux system, it is not connected nor 
connectable to the Internet.  My chances of being attacked are zero and 
if I was, there would be no net gain for the attacker.

So that is the way it is.  You can and did choose not to run SELinux.  
That is your decision.  If I go on-line with my Linux system, it will be 
in permissive mode and that is my decision.  I do agree that SELinux is 
not the easiest thing to configure (I don't know if there is a GUI 
interface and I would be pleasantly surprised if there is.)  However, 
reading man pages and deciphering them can be tricky.  It is best to use 
the configurations provided and extend them if needed.

And as to the 'strawman' comment, not needed, I had not read your 
message completely and did not give myself enough comprehension time.

We do have the ability and necessity to disagree.

My apology from earlier stands to you and the most of all the list.

James McKenzie

More information about the users mailing list