SELinux last straw

Les Mikesell lesmikesell at gmail.com
Wed Oct 17 21:13:46 UTC 2007


Arthur Pemberton wrote:
> 
> Now, you're insinuating that his expectations of SELinux caused him to
> practice poor traditional security and so he got hacked. Which
> completely ignores the fact that he did not have SELinux when he got
> hacked.

Are you saying it makes a difference if you've ssh'd in as root?

> And, just recently there are (unsubstantiated) claims from ebay that
> attacks from rooted Linux boxes are on the rise. I have no numbers,
> but by intuition is that very few of those boxes had SELinux running
> in enforcing mode, while they did have traditional UNIX security.

And my unsubstantiated guess would be that those systems were mostly 
hacked either through ssh logins or vulnerabilities that could easily 
have been avoided if their distribution provided painless updates over 
the length of time the machine was in use.  I don't think keeping a 
fedora system up to date over a period of years qualifies as painless 
and I can understand why a lot of old code is still running in spite of 
the danger.

-- 
   Les Mikesell
    lesmikesell at gmail.com




More information about the fedora-list mailing list