Fedora vs OpenSuse

[Rahul Sundaram]

Les Mikesell wrote:
> Rahul Sundaram wrote:
> 
>> I understand that point and it's valid however it is a important 
>> differentiation. SELinux with the assorted set of security 
>> enhancements have been very useful in mitigating security issues. Even 
>> end users who tend to not like SELinux and turn it off have benefited 
>> it from it.
>>
>> While SELinux policies a number of issues have been fixed with 
>> software that was using more privileges than necessary or need to be 
>> redesigned because there was fundamental flaws.
> 
> Can you give some real examples of something where correctly applied 
> standard unix/linux permissions and user/group ids would not work but 
> SELinux does?  Or currently-likely bugs in programs that need suid root 
> permissions to open a low-numbered port but otherwise run as a uid with 
> limited permissions that SELinuc might catch.  It might be easier to 
> tolerate the backwards-incompatibilities if we had some actual examples 
> of how it has helped anyone.

I already gave one couple of mails earlier in the same thread. There has 
been several others. Some referenced in Fedora weekly news too. SELinux 
or MAC security confines individual applications which aren't tied to 
users in the system. SELinux is a additional layer over traditional 
security mechanisms and doesn't conflict with it.

You might want to read http://danwalsh.livejournal.com/ and 
http://www.awe.com/mark/blog.

Rahul