Fedora (again) forces me to disable SELinux
Gianluca Sforna
giallu at gmail.com
Fri Apr 4 08:57:03 UTC 2008
On Thu, Apr 3, 2008 at 11:33 AM, Matej Cepl <mcepl at redhat.com> wrote:
> On Tue, 01 Apr 2008 03:33:06 +0200, Mark scripst:
>
> > doesn't seem to add that much advantage. But i might be wrong..??
>
> Yes, you are ;-). Even totally screwed up Apache server totally in hands
> of script-kiddie via totally screwed up PHP release (not that it would
> ever happen, just a theoretical example) cannot do more than it is
> allowed to do by SELinux -- and that's not that much.
I think I remember a recent case for SELinux lowering the impact of a
_real_ security issue in one package.
I wanted to blog about it but could not find it anymore :(
More information about the fedora-devel-list
mailing list