On Tue, 2006-04-04 at 01:49 -0500, Mike McCarty wrote:
> One thing I used to remind my engineers (when I was technical lead)
> was "if it isn't in the requirements spec, it doesn't go into
> the software", because every line of code is one more place for
> a defect to hide. So I'm sure that SELinux has a number of
> exploitable defects itself.

I wouldn't be completely surprised, most things seem to have some flaw.

I think it does have one defect already; people having too much faith in it. If you're not careful, you'll think you're safe simply because it's there, like some people feel about their firewalls, anti-virus/spyware/trojan/whatever software. "Chroot" was seen as the answer to all problems by some a while ago, and it didn't quite live up to expectations.

They all have a tendency to cause another problem: Those who create exploitable software being less concerned about making their software safer, because they consider that something else will watch their back.

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.