Fedora vs OpenSuse

Les Mikesell lesmikesell at gmail.com
Fri Jun 15 15:49:14 UTC 2007


Rahul Sundaram wrote:

> I understand that point and it's valid however it is a important 
> differentiation. SELinux with the assorted set of security enhancements 
> have been very useful in mitigating security issues. Even end users who 
> tend to not like SELinux and turn it off have benefited it from it.
> 
> While SELinux policies a number of issues have been fixed with software 
> that was using more privileges than necessary or need to be redesigned 
> because there was fundamental flaws.

Can you give some real examples of something where correctly applied 
standard unix/linux permissions and user/group ids would not work but 
SELinux does?  Or currently-likely bugs in programs that need suid root 
permissions to open a low-numbered port but otherwise run as a uid with 
limited permissions that SELinuc might catch.  It might be easier to 
tolerate the backwards-incompatibilities if we had some actual examples 
of how it has helped anyone.

-- 
   Les Mikesell
    lesmikesell at gmail.com





More information about the fedora-list mailing list