Re: A great article on why to use SeLinux

Lamar Owen wrote:
On Tuesday 26 February 2008, Jim wrote:
http://www.linuxworld.com/news/2008/022408-selinux.html

Folks who doubt SELinux's ultimate value need to read this article. It is an excellent case for why to do this.

And given that the first compromised software (HP's software) is more of a workstation software, SELinux can/could prevent your Linux desktop from becoming a zombie/bot just like the poor Windows boxes become.

SELinux: not just for servers anymore.

Inconveniences aside, if workstation/desktop software (like firefox, evolution, kmail, etc) can be exploited and turn a Linux desktop/laptop into a botnet zombie without SELinux, then it seems to me that we collectively need to work on making SELinux work properly so that Linux doesn't get the same black eye that Windows has for botnet purposes. Hrmph, a Linux box, with all the typical dev tools installed, would make a ten times better botnet zombie than Windows anyway!

The only penetrations I've seen arrived by ssh. I don't think selinux would have helped there; the sorts of restrictions I can think of would also prevent the user from doing what users ought to be able to do, such as download stuff (including email), sending email and so forth.

Still need good traditional security - sound passwords, VPNs, don't allow more dangerous services such as ssh to listen for connexions from undesirable sources.

I've always thought the idea of selinux a good one, but it seems to me overly complex. And the implementation in f9alfa is fairly disastrous. (depending on what one needs to do).

--

