Re: selinux eradicator?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/28/07, Mike McCarty <Mike.McCarty@xxxxxxxxxxxxx> wrote:
Rahul Sundaram wrote:
> Mike McCarty wrote:
>
>>
>> No, that was not my argument. My argument is that people are
>> commenting from a position of conjecture. There is no scientific
>> conclusive study showing that SELinux unarguably improves
>> security of machines.
>
>
> There is. SELinux is MAC security framework and is based on scientific
> studies over decades which clearly show their advantages. Again read
> some of the work at NSA SElinux site.

Mandatory Access Control is not a thing, it is a technique. SELinux
is a thing, which may or may not be a good implementation of MAC.

>> Not one attack on my machine has made it past my router. Not one.
>> My router sometimes logs thousands of attempts per month. I've been
>> running since about October 2005. I'd say it's pretty debatable that my
>> machine would be more secure with SELinux enabled.
>
> A machine running SELinux enabled is provably more secure than a machine
> running merely a firewall or router.  They are not comparable security
> technologies.

A machine running current SELinux implementation is provably
less secure in some senses than one which is not.

I don't often agree with Rahul Sundaram, plus I get the feeling that
he doesn't like me. But I can't stand by and have you spreading this
kind of FUD, especially considering that you have admitted to _not_
using SELinux.

Please show some geek pride and not speak on this matter since by your
own admission you have no recent experience with it.

Furthermore this claim of yours is extremely broad, and baseless.


[ snip ]

> It is a fact because actual development work is being done on these user

It is faith that SELinux will survive at all.

How faith entered into a thread about software I have on idea.

[snip]

> So again, completely removing all SELinux libraries (as opposed to
> merely turning it off) is very intrusive and significant amount of
> effort that does not offer any significant advantages but if you want
> really want to put the effort and send patches you are welcome to do so.
> It is certainly easier than creating a different spin however which you
> were advocating for.

Erm, ADDING SELinux was an intrusive effort, which is now difficult
to undo.

My thanks to all those who worked, and continue to work on SELinux

--
Fedora Core 6 and proud

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux