selinux eradicator?
David Boles
dgboles at gmail.com
Fri Jun 29 00:45:02 UTC 2007
on 6/28/2007 4:38 PM, Todd Zullinger wrote:
> David Boles wrote:
>> Good for you!!!!
>>
>> What you just did was something like:
>>
>> Build a house.
>> Put everything valuable that you own into it.
>> Disable all of the locks.
>> Open all of the windows and doors.
>>
>> And then walk away.
>>
>> Makes it really easy for the 'bad guys' to steal, or break, your
>> stuff. Like that guy at the University that you mentioned earlier.
>
> So you're claiming that with SELinux disabled, a linux computer has
> almost no protection from abuse? Please back that claim up with data
> to prove it. Either that or lay off the hyperbole, please.
>
> SELinux is yet another layer of security on a reasonably secure OS.
> But I've had servers running on the net for years that have not been
> successfully hacked. And I sleep fine at night without any feeling
> that my windiws and doors are all open to the world.
>
No I am not. But if you look very carefully at what SELinux actually does
it might make sense to you. All of those 'really bad boy' Trojans,
key-loggers, pop-ups' and stuff like that get to 'do their thing' in
Windows because there is nothing watching and saying 'now wait a minute -
what do you think you are doing here? No you don't'. With SELinux you can
make 'exceptions' for certain things just like you do with your firewall.
Oh yeah. I forgot. That 'stuff' does not affect Linux. Yet. But it will.
Someday. Just as soon as the 'bad boys' start to think of Linux as a real
OS and not a Geek Toy for funny looking home users. ;-)
And the people most vulnerable? Those that use precompiled, closed source,
applications and files.
You want to disable it for yourself? Sure. Help yourself Do that. But to
suggest that everyone do that because you find it a PITA is wrong. IMHO.
--
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070628/30cd63ae/attachment-0001.sig>
More information about the fedora-list
mailing list