
Re: How best get rid of SELinux?



On Fri, 2007-09-21 at 10:40 -0500, Mike McCarty wrote:
> After a machine has been compromised, IMO it must be restored
> to a pre-compromise state. Trying to mitigate damage on a
> compromised machine is wrong-headed. 

While that is *also* true (trying to mitigate damage), that's not the
only purpose of SELinux.  You've grabbed hold of one end of a
multi-pronged stick, and you won't see the bigger picture.  This is why
you're getting a drubbing over the matter.

SELinux is no more *just* for mitigating compromised machines than a
firewall is.  It's another part of the armor protecting against that
happening in the first place.

You may well not have a "compromised" machine, but one that has a defect
that may be exploitable.  SELinux is another part of the protective
process, just like other protective software.  Some use them to try and prop
up their broken systems, others use them to help prevent their system
being compromised in the first place.

-- 
[tim bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



