Mike McCarty wrote:
Jim Cornette wrote:
Mike McCarty wrote:
A machine running current SELinux implementation is provably
less secure in some senses than one which is not.
From a very recent security update for httpd.
Update Information:
The Apache HTTP Server did not verify that a process was an
[snip]
And I gave a few examples where running SELinux caused
the machine to be more vulnerable.
[snip]
Just a passing example.
Indeed. Just as passing as the ones I gave. Read what I
wrote above. I put in "in some senses" for a reason.
I'll have to check out the info related to vulnerabilities. SELinux
seems to be more of a system for denials rather than privilege escalation.
SELinux improves security in some senses, and reduces it
in some other senses. It also unarguably makes administration
of a machine more complex and involved. Whether the extra
benefit be worth the extra complexity and vulnerabilities
should be a personal decision at present.
No doubt the choice should be up to the person responsible for running
the computer.
Mike
--
Interfere? Of course we should interfere! Always do what you're
best at, that's what I say.
-- Doctor Who