SELinux last straw
Les Mikesell
lesmikesell at gmail.com
Wed Oct 17 21:13:46 UTC 2007
Arthur Pemberton wrote:
>
> Now, you're insinuating that his expectations of SELinux caused him to
> practice poor traditional security and so he got hacked. Which
> completely ignores the fact that he did not have SELinux when he got
> hacked.
Are you saying it makes a difference if you've ssh'd in as root?
> And, just recently there are (unsubstantiated) claims from ebay that
> attacks from rooted Linux boxes are on the rise. I have no numbers,
> but by intuition is that very few of those boxes had SELinux running
> in enforcing mode, while they did have traditional UNIX security.
And my unsubstantiated guess would be that those systems were mostly
hacked either through ssh logins or vulnerabilities that could easily
have been avoided if their distribution provided painless updates over
the length of time the machine was in use. I don't think keeping a
fedora system up to date over a period of years qualifies as painless
and I can understand why a lot of old code is still running in spite of
the danger.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list