Mike McCarty wrote:
A machine running current SELinux implementation is provably less secure in some senses than one which is not.
From a very recent security update for httpd. Update Information: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service (CVE-2007-3304). This issue is not exploitable on Fedora if using the default SELinux targeted policy. Just a passing example. Jim -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list