SELinux removed from desktop cd spin?

Valent Turkovic valent.turkovic at gmail.com
Thu Jan 17 14:53:59 UTC 2008


Yaakov Nemoy wrote:
> On Jan 16, 2008 3:35 PM, Valent Turkovic <valent.turkovic at gmail.com> wrote:
>> Dan, you are taking this the wrong way. Of course SELinux is great, of
>> course it prevents from 0day exploits, nobody is challenging that.
>> But what was the real threat to average desktop users? Has anybody
>> made use of this 0day exploit threat? Is there a Linux virus in the
>> wild that spread like wildfire that took down all desktops that didn't
>> use SELinux?
> 
> If a single Linux desktop goes down because of a 0day event, then
> we've already failed at making a secure desktop.  By that point, it's
> too late.
> 
> This is a failure, and we should do everything we can to make sure it
> *never* happens.
> 
> -Yaakov
> 

Scaring people away from Fedora desktop with too "paranoid" utilities is 
a good way to ensure that there are not too many users on it even if 
Linux judgment 0day comes one day.

Are you actually hoping to really protect from real threats? Not even 
SELinux can protect from rootkits.

Are you actually saying that SELinux is a security silver bullet?
If you know anything about security you know that there is no silver 
bullet in security; it is always a trade-off in usability vs. security.

No desktop spins for Fedora I see no actual benefit and huge cost in 
user experience, usability and cost of valuable CD space.

A quick googling showed that security experts see SELinux like a 
backdoor and as a problem just waiting to happen, and they suggest 
UNINSTALLING SELinux!

"As a final note, I follow the logic of the grsecurity team, who claim 
that LSM and SELinux are backdoors waiting to happen."

See the link:
http://www.matasano.com/log/650/is-open-source-rootkit-detection-behind-the-curve/

Valent.



