Why do I need SELinux?

Timothy Murphy tim at birdsnest.maths.tcd.ie
Mon Feb 21 00:38:54 UTC 2005


Rahul Sundaram wrote:

> oh please. I was discussing about the NEED of SELinux for everyone

But does _everyone_ need SELinux?
I'm willing to be convinced, but I haven't been yet.

I think I am probably a typical home user,
perhaps with a bit more equipment than normal.

My connection to the outside world is through my desktop, and ADSL.
I connect to my ISP by DHCP (and PPPoE).
I'm running shorewall standard two-interface setup on my desktop.
As far as I can see, this means that no-one outside my system
should be able to get in,
and I certainly see hundreds of packets each day on LogWatch
that have failed to get in through a large number of ports.

(1) Am I deluded in thinking myself reasonably safe?

(2) It also seems to me that if someone did succeed in getting in
they would very probably have superuser privileges,
and so could counteract SELinux if they wanted to?

So for both these reasons (but mainly (1))
I remain unconvinced that SELinux has anything to offer _me_.
And what is more, it seems to me that the same will apply
to most home users,
who I assume are not running web servers accessible by the world.



-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland



