Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Alan Cox wrote:
>> to access my machine at all. I don't run Apache, sshd, or any other
>> server which would allow ingress to my machine. I've never have anyone
>> even attempt to get root access but me.
> 
> Most modern attacks are against web browsers so your logic is a bit
> flawed.

Not flawed, but also not completely presented. You do have a point.
However, my browser configuration is reasonable as well. There
are always the exploits of unrepaired defects, of course. I try
to keep my browser up to date as much as possible. Most of the
attacks are aimed somewhat at Windows systems, however, so even
if some software got loaded on my machine which I didn't request
(so far none), it most likely couldn't actually execute on my
machine.

I don't permit scripts to run on my browser. To keep a little privacy,
I also don't permit cookies, though they aren't really a threat to the
machine's security. No FLASH, no multimedia. My e-mail reader is set
not to permit scripts nor to allow loading of images nor loading of
files. It also isn't permitted to open links.

So, without scripts or FLASH (which has had a number of security
flaws, I believe) or other multimedia "plugins" to exploit, I
haven't had a problem with stuff getting sent to my machine w/o
my knowledge and consent.

>> Perhaps you should investigate LFS (Linux From Scratch). It isn't
>> that hard to build your own custom system which has exactly what
>> you want on it, no more and no less.
> 
> With the proviso that you also then need to do your own security updates,
> package management and each one you do that is untested by others is in
> turn adding to the probability of flaws.

That's certainly true. I haven't claimed that the producers of
the various distros don't do a "value added".

> Fedora is quite probably not the right basepoint to build a very small
> mini-distro but I'm not sure LFS is the right way to go about it either.

Depends upon one's goals, I suppose. Gentoo is one way to have
some reasonable control, as well, and puts less responsibility
upon the system owner.

Since I was a professional software developer for more than twenty
years, building from scratch and doing package management and version
control are not in any way daunting to me. I have written a small
RTOS, and supported three other hard real time systems over a period of
fifteen years, so fiddling around with kernels and device drivers also
isn't scary.

However, discussing the relative merits of various distros is likely
not really germane to the Fedora list.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux