Bruno Wolff III wrote:
On Tue, Mar 07, 2006 at 17:36:25 +0530,
Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote:
The potential security issues are not limited to open ports and running
services but having the system affected through exploits on the
software installed even when you might have never used them.

Well, something needs to use them or they aren't going to be a problem. Common
services are generally not going to be able to run them if they get hacked if
you are using SELinux. The main danger is with plugins. Those need to be
examined carefully in any case. (The other case would be if the user was
running them directly, but if they are doing that they are probably going to
want to accept the risk of running the programs in any case.)

Just having a program with a security hole on disk through an
"everything" installation that you don't use is a potential problem that
leaves room for an exploit. Basically, don't install stuff that you won't
use and audit everything that you install and use carefully. SELinux
does go a long way towards preventing many of these issues, but the
default targeted policy in Fedora doesn't restrict all the programs,
unlike the alternative strict policy, which might require a good amount
of customization for regular use.
--
Rahul