SELinux removed from desktop cd spin?
Karsten 'quaid' Wade
kwade at redhat.com
Thu Jan 17 23:25:19 UTC 2008
On Wed, 2008-01-16 at 22:26 +0100, Valent Turkovic wrote:
> I will bet anybody who wants that Fedora live cd users will have more
> trouble from using SElinux than benefit. Also that ubuntu, opensuse
> and other distros that don't use SElinux won't be in trouble from some
> 0day exploit.
I'd take that bet if there were ever any way to prove who won.
Unfortunately, when a live media for any Linux distro ships with an
unknown zero-day exploit ... how are you ever to know:
* How many are still out there?
* How many got updated?
* How many were exploited and no one ever knew?
Since we still get reports from people running RHL 7.x, believe me that
a live media with a built in exploit can live on to haunt you for many
years.
Similar to your first comparison, how would we ever know, of every
exploit blocked by SELinux, is it better or worse to have blocked that
exploit than to have encountered whatever potential problems with
SELinux?
So, you are on for the bet, if you can figure out a way to track the
results. Otherwise, repeating that you "know security" and "know that
SELinux is worse than what it prevents" are just assertions without
facts. You are welcome to your opinion, but please don't undermine the
good security reputation of Fedora to serve it.
- Karsten
--
Karsten Wade, Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080117/142b2625/attachment.sig>
More information about the fedora-devel-list
mailing list