SELinux removed from desktop cd spin?

Benjamin Kreuter ben.kreuter at gmail.com
Thu Jan 17 16:41:31 UTC 2008


On Thursday 17 January 2008 10:27:22 Valent Turkovic wrote:
>
> What are the real security issues on desktop? OpenOffice exploits? Gnome
> exploits? What? You aren't running apache, mysql and php

Really?  I can think of a few apps that use Apache or MySQL on the desktop.  
The first that comes to mind is Amarok, which can use MySQL to manage 
information about your music collection -- and I even know someone whose 
music collection is so large that he had to use MySQL because SQLite was 
breaking.

Just because you can't think of how these servers might be used at home 
doesn't mean that there is no use for them.  It just means that you have 
different needs, and therefore haven't found yourself using them.

> on desktop and  
> those services shouldn't be running. Maybe ssh is running and that can
> be hardened really easily with firewall rules.

Maybe OpenSSH has an exploit that allows a remote user to start writing to 
rc.local, allowing them to take control of a system once it reboots.  SELinux 
solves that problem.

> What is the actual threat 
> that SELinux prevents on Fedora Desktop?

It may not even be known; SELinux makes the system less vulnerable to an 
attack.  It also helps expose apps that are doing things that could worsen an 
attack, like GDM trying to gain write access to /etc/passwd.

> Is it just there because SELinux exists and it makes things secure in
> general but also gets in way of user experience? That is a poor excuse
> IMHO.

It gets in the way of the user experience when the user is doing something 
potentially dangerous.  Most of the complaints about other systems are that it 
is too easy for the user to expose themselves to viruses and worms, but the 
only way to truly prevent that is to get in the user's face when he does 
something like that.

There really is no good argument against SELinux, especially with permissive 
mode available for people who don't want to be bothered tweaking ACLs for 
every single service they plan to use.  It is also possible to disable 
SELinux entirely, if that is what you want to do.  Disabling it on the 
desktop spin would only annoy the people who want it enabled, because they 
would then have to wait while their filesystem is scanned (it takes a very 
long time).

-- B
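
The message above says SELinux helps expose applications that attempt risky operations, such as a display manager writing to /etc/passwd or a compromised sshd writing to rc.local. The following is an added example, not part of the original message: a small parser that reads AVC denial records and flags denied writes to such files. The log lines, the SELinux type names in them, and the watch list are constructed assumptions.

```python
import re

# Constructed audit.log lines for illustration (not from the original message);
# the SELinux type names in them are assumptions.
SAMPLE_LOG = """\
type=AVC msg=audit(1200588091.101:41): avc:  denied  { write } for  pid=2290 comm="gdm-binary" name="passwd" dev=dm-0 ino=98311 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1200588095.412:42): avc:  denied  { append } for  pid=3120 comm="sshd" name="rc.local" dev=dm-0 ino=65702 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
type=AVC msg=audit(1200588099.007:43): avc:  denied  { read } for  pid=3301 comm="mysqld" name="notes.txt" dev=dm-0 ino=70112 scontext=system_u:system_r:mysqld_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1200588099.007:43): arch=40000003 syscall=5 success=no exit=-13 comm="mysqld"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr"}
# Assumption: the files a desktop admin wants to hear about. AVC records carry
# only the last path component in name=, so matching on it is a heuristic.
WATCHED_NAMES = {"passwd", "shadow", "rc.local"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = set(m.group("perms").split())
    ctx = rec.get("scontext", "").split(":")  # user:role:type:level
    rec["domain"] = ctx[2] if len(ctx) > 2 else "?"
    return rec


def flag_sensitive_writes(log_text):
    """List (comm, domain, file, perms) for denied writes to watched files."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        denied = rec["perms"] & WRITE_PERMS
        if denied and rec.get("name") in WATCHED_NAMES:
            hits.append((rec.get("comm"), rec["domain"], rec["name"], sorted(denied)))
    return hits


if __name__ == "__main__":
    for hit in flag_sensitive_writes(SAMPLE_LOG):
        print("denied write:", hit)
```

In permissive mode the same records are logged while the access is allowed, so a check like this still reports the behaviour.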