On Mon, Apr 03, 2006 at 12:34:07AM -0700, Craig White wrote: > if Windows exploits are any indication, it is primarily desktop systems > which are the target for malware that infects the system for nefarious No disagreement. > purposes. Why? Because the users are often not knowledgeable, run with > elevated privileges, travel to web sites that attempt every conceivable > exploit in a plethora of scripting languages, etc. Yes. But more packages -- more opportunities for SELinux/RSBAC/grsecurity to break your system. If a user has to choose between a secure or a functional system, he will choose the one that works. > The policy updates from Fedora have been frequent and are automatically > installed/applied Empirically, I had SELinux breaking services on my desktop. It is hard enough to keep the system running in Fedora Core land as it is. No need to extra handicap. It is reasonable for a sysadmin to craft and review security policy on a stable (=static) server with few packages installed and few services offered. Especially, if you're paid to do it. Trying to do this on a rapidly evolving desktop with a rich set of packages, most of them pulled in from a dozen of depositories run by people with not very high stability standards (FC is bleeding edge, after all) is a) not something most people enjoy b) takes more time that most people have, especially if it's a hobby. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Attachment:
signature.asc
Description: Digital signature