Fedora vs OpenSuse
Rahul Sundaram
sundaram at fedoraproject.org
Fri Jun 15 20:23:53 UTC 2007
Les Mikesell wrote:
> Rahul Sundaram wrote:
>
>> I understand that point and it's valid however it is a important
>> differentiation. SELinux with the assorted set of security
>> enhancements have been very useful in mitigating security issues. Even
>> end users who tend to not like SELinux and turn it off have benefited
>> it from it.
>>
>> While SELinux policies a number of issues have been fixed with
>> software that was using more privileges than necessary or need to be
>> redesigned because there was fundamental flaws.
>
> Can you give some real examples of something where correctly applied
> standard unix/linux permissions and user/group ids would not work but
> SELinux does? Or currently-likely bugs in programs that need suid root
> permissions to open a low-numbered port but otherwise run as a uid with
> limited permissions that SELinuc might catch. It might be easier to
> tolerate the backwards-incompatibilities if we had some actual examples
> of how it has helped anyone.
I already gave one couple of mails earlier in the same thread. There has
been several others. Some referenced in Fedora weekly news too. SELinux
or MAC security confines individual applications which aren't tied to
users in the system. SELinux is a additional layer over traditional
security mechanisms and doesn't conflict with it.
You might want to read http://danwalsh.livejournal.com/ and
http://www.awe.com/mark/blog.
Rahul
More information about the fedora-list
mailing list