Why do I need SELinux?

James McKenzie jjmckenzie51 at earthlink.net
Sat Feb 19 20:37:11 UTC 2005


Felipe Alfaro Solana wrote:
> On 19 Feb 2005, at 18:14, David Cary Hart wrote:
> 
>> I'm running production web, mail and FTP servers and I don't appreciate
>> the value of SELinux. Someone in the DShield list referred to this as
>> "protection for the tinfoil helmet set."
>>
>> However, I do not NAT SSH nor Telnet. For that matter, the only ports
>> that are open are http, smtp, pop3 and ftp.
> 
> 
> All of them are points of attack. SELinux can protect what they can do 
> in case a hacker tries to exploit them. Also POP3 and FTP are considered 
> insecure as they use plain-text logins. Also, POP3 usually runs as root 
> in order to access user mailboxes.
> 
Any program that uses root level access needs SELinux.  I run httpd as 
apache:apache with no access to sudo and apache:apache has only access 
to the httpd directories.
-- 
James McKenzie
With assistance, Now running 2.6.11rc3, Software Suspend 2
and ibm-acpi .1
Need a home for my .rpm




More information about the fedora-list mailing list