From release notes for FC5T3 (web)
Rahul Sundaram
sundaram at fedoraproject.org
Tue Mar 7 15:40:12 UTC 2006
Bruno Wolff III wrote:
>On Tue, Mar 07, 2006 at 17:36:25 +0530,
> Rahul Sundaram <sundaram at fedoraproject.org> wrote:
>
>
>>The potential security issues are not limited to open ports and running
>>services but having the system affected through exploits on the
>>software installed even when you might have never used them.
>>
>>
>
>Well something needs to use them or they aren't going to be a problem. Common
>services are generally not going to be able to run them if they get hacked if
>you are using SELinux. The main danger is with plugins. Those need to be
>examined carefully in any case. (The other case would be if the user was
>running them directly, but if they are doing that they are probably going to
>want to accept the risk of running the programs in any case.)
>
>
Just having a program with a security hole on disk through a
"everything" installation that you dont use is a potential problem that
leaves room for an exploit. Basically dont install stuff that you wont
use and audit everything that you install and use carefully. SELinux
does go a long way towards preventing many of these issues but the
default targeted policy in Fedora doesnt restrict all the programs
unlike the alternative strict policy which might require a good amount
of customization for regular use.
--
Rahul
More information about the fedora-list
mailing list