Re: Fedora vs OpenSuse
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Les Mikesell wrote:
Rahul Sundaram wrote:
I understand that point and it's valid however it is a important
differentiation. SELinux with the assorted set of security
enhancements have been very useful in mitigating security issues. Even
end users who tend to not like SELinux and turn it off have benefited
it from it.
While SELinux policies a number of issues have been fixed with
software that was using more privileges than necessary or need to be
redesigned because there was fundamental flaws.
Can you give some real examples of something where correctly applied
standard unix/linux permissions and user/group ids would not work but
SELinux does? Or currently-likely bugs in programs that need suid root
permissions to open a low-numbered port but otherwise run as a uid with
limited permissions that SELinuc might catch. It might be easier to
tolerate the backwards-incompatibilities if we had some actual examples
of how it has helped anyone.
I already gave one couple of mails earlier in the same thread. There has
been several others. Some referenced in Fedora weekly news too. SELinux
or MAC security confines individual applications which aren't tied to
users in the system. SELinux is a additional layer over traditional
security mechanisms and doesn't conflict with it.
You might want to read http://danwalsh.livejournal.com/ and
http://www.awe.com/mark/blog.
Rahul
[Index of Archives]
[Current Fedora Users]
[Fedora Desktop]
[Fedora SELinux]
[Yosemite News]
[Yosemite Photos]
[KDE Users]
[Fedora Tools]
[Fedora Docs]
