[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: First boot with 20040908 changes

On Fri, 2004-09-10 at 05:40 -0700, Steve G wrote:
> >I'm not sure what the default policy should be though - most people are 
> >happy about not having to go to the commandline to get access to their 
> >partitions and some people have more or less valid security concerns. 
> OK, I've had some time to think this over. Traditionally, the default is on the
> open - all inclusive side of things unless there is the possibility of damage.
> e.g., tcp_wrapper defaults to open, iptable defaults to open. You must intervene
> to secure the system.
> As long as the drives are only detected and mount points made, it don't have a
> problem. If the drives are *mounted*, I have a real problem. By mounting the
> drive, you may suddenly cause a drive to get fsck'ed by a newer program that
> oopses older kernels,

Has this actually happened?

>  or relabeled by SE Linux which will oops older kernels. 

Yes; it's really a bug that the default relabeling procedure will try to
relabel mount points.  I've submitted a patch to fix this.

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]