Selinux under FC-4 ?

Stephen Smalley sds at tycho.nsa.gov
Thu Mar 31 12:39:39 UTC 2005


On Thu, 2005-03-31 at 02:15 +0100, Timothy Murphy wrote:
> While selinux is probably important for big systems,
> I don't think it offers much for a home user like myself.

Desktop users are vulnerable to exploitation by malicious code and
malicious data-driven attacks.

http://www.nsa.gov/selinux/papers/inevitability/
http://www.selinux-symposium.org/2005/presentations/session3/3-1-walters.pdf

> It's possible, I suppose, that someone might get through my firewall
> (shorewall) but it doesn't seem very likely,
> as I don't run any services visible from outside.

Do you run any client software that talks to the network (browser, irc,
whatever)?  If so, it has the potential to be exploited.  Or download
any code and run it?  Or play any downloaded music?  Or view any
downloaded documents?  All of this opens you up to potential
exploitation of flaws in the programs you use or active maliciousness in
any code you run.

> On the other hand, when I very gently tested the water with selinux
> it had a number of unforeseen consequences,
> and it was clear that I would have to study the matter
> if I were to run the selinux service.

Yes, there is a learning curve, and it is a paradigm change for
security.  Nonetheless, necessary if you want to solve fundamental
security problems.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency



