No need for AV tools on Linux, eh?

Bruno Wolff III bruno at wolff.to
Sat Feb 12 17:15:31 UTC 2011


On Sat, Feb 12, 2011 at 11:25:39 -0500,
  Darr <darr at core.com> wrote:
> On Saturday, February 12, 2011 @12:46 zulu, Tim 
> <ignored_mailbox at yahoo.com.au> scribed:
> 
> > Well, it /could/ stop either threat, however we don't run SELinux
> > as tightly as it could be run.
> 
> I'm not sure who "we" is, but I run it in restricted mode and rarely even 
> get told something has mislabeled files... and when I do get such a message, 
> an autorelabel and reboot nearly-always fixes it (I don't mind rebooting 
> once a month or so... else I would SU - and change their context manually). 
> I don't remember the last time I got an actual denial. More than a year ago, 
> for sure.

I think you may have misunderstood the complaint. I believe he was suggesting
that the rules being enforced by SELinux are not tight enough to stop some
of the issues when people are tricked into running trojans.

Most of SELinux enforcement is targeted at services and a few user tools
that commonly process untrusted data (in particular Firefox). There is
also a generic sandbox setup, but people have to actively use it (or configure
their tools to use it).

