Arthur Pemberton wrote:
Now, you're insinuating that his expectations of SELinux caused him to practice poor traditional security and so he got hacked. Which completely ignores the fact that he did not have SELinux when he got hacked.
Are you saying it makes a difference if you've ssh'd in as root?
And, just recently there are (unsubstantiated) claims from ebay that attacks from rooted Linux boxes are on the rise. I have no numbers, but by intuition is that very few of those boxes had SELinux running in enforcing mode, while they did have traditional UNIX security.
And my unsubstantiated guess would be that those systems were mostly hacked either through ssh logins or vulnerabilities that could easily have been avoided if their distribution provided painless updates over the length of time the machine was in use. I don't think keeping a fedora system up to date over a period of years qualifies as painless and I can understand why a lot of old code is still running in spite of the danger.
-- Les Mikesell lesmikesell@xxxxxxxxx
