Fedora vs OpenSuse
Les Mikesell
lesmikesell at gmail.com
Fri Jun 15 15:49:14 UTC 2007
Rahul Sundaram wrote:
> I understand that point and it's valid however it is a important
> differentiation. SELinux with the assorted set of security enhancements
> have been very useful in mitigating security issues. Even end users who
> tend to not like SELinux and turn it off have benefited it from it.
>
> While SELinux policies a number of issues have been fixed with software
> that was using more privileges than necessary or need to be redesigned
> because there was fundamental flaws.
Can you give some real examples of something where correctly applied
standard unix/linux permissions and user/group ids would not work but
SELinux does? Or currently-likely bugs in programs that need suid root
permissions to open a low-numbered port but otherwise run as a uid with
limited permissions that SELinuc might catch. It might be easier to
tolerate the backwards-incompatibilities if we had some actual examples
of how it has helped anyone.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list