Re: SElinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 03, 2006 at 12:34:07AM -0700, Craig White wrote:

> if Windows exploits are any indication, it is primarily desktop systems
> which are the target for malware that infects the system for nefarious

No disagreement.

> purposes. Why? Because the users are often not knowledgeable, run with
> elevated privileges, travel to web sites that attempt every conceivable
> exploit in a plethora of scripting languages, etc.

Yes. But more packages -- more opportunities for SELinux/RSBAC/grsecurity
to break your system. If a user has to choose between a secure or a functional
system, he will choose the one that works.
 
> The policy updates from Fedora have been frequent and are automatically
> installed/applied

Empirically, I had SELinux breaking services on my desktop. It is
hard enough to keep the system running in Fedora Core land as it is.
No need to extra handicap.

It is reasonable for a sysadmin to craft and review security policy
on a stable (=static) server with few packages installed and few 
services offered. Especially, if you're paid to do it.

Trying to do this on a rapidly evolving desktop with a rich set
of packages, most of them pulled in from a dozen of depositories
run by people with not very high stability standards (FC is bleeding
edge, after all) is a) not something most people enjoy b) takes
more time that most people have, especially if it's a hobby.

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux