[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: From release notes for FC5T3 (web)

Bruno Wolff III wrote:

On Tue, Mar 07, 2006 at 17:36:25 +0530,
 Rahul Sundaram <sundaram fedoraproject org> wrote:
The potential security issues are not limited to open ports and running services but having the system affected through exploits on the software installed even when you might have never used them.

Well something needs to use them or they aren't going to be a problem. Common
services are generally not going to be able to run them if they get hacked if
you are using SELinux. The main danger is with plugins. Those need to be
examined carefully in any case. (The other case would be if the user was
running them directly, but if they are doing that they are probably going to
want to accept the risk of running the programs in any case.)
Just having a program with a security hole on disk through a "everything" installation that you dont use is a potential problem that leaves room for an exploit. Basically dont install stuff that you wont use and audit everything that you install and use carefully. SELinux does go a long way towards preventing many of these issues but the default targeted policy in Fedora doesnt restrict all the programs unlike the alternative strict policy which might require a good amount of customization for regular use.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]