Andy Green wrote: [snip]
It's obviously up to you how you deal with that, but I strongly believe that you can't inherently trust machines on any internal network any
My issues with SELinux are:

(1) it is wrong-headed
(2) it is pervasive
(3) it has defects, and always will

The additional "security" it offers to an already compromised system is debatable. This thread proves it. That it causes additional admin is not debatable. So, there are costs associated with using it. Whether those costs are justified by the perceived threat is a subjective, and I would argue EVEN IF IT IS IN SOME CIRCUMSTANCES USEFUL[*] installation dependent, matter.

SELinux might protect against a malicious intruder who is already on your machine. I don't have any. There are exactly three users defined on my machine who can actually log on:

root
me
another guy who no longer has access to my machine, a friend.

My machine sits behind a hardware firewall which doesn't even respond to attempts to access, except for the e-mail port, which is closed. Perusal of the logs on my machine shows not even one attempt to gain access. Perusal of the logs on the firewall shows numerous attempts to gain access.

I don't download and execute other people's programs. I don't permit Java or Javascript to run on my machine. I don't permit my mailer to use links or to download images.
You have to mix in the level of grief to implement it. For example everyone keeps agreeing that the initscripts and especially shutdown can be made MUCH better, but it's so frightening to take care of everything with minimal breakage that somehow Fedora doesn't seem to get anywhere with it (over years).
I don't know to what you refer.

[*] I don't subscribe to this, but even if it is stipulated, in that case it's still an installation-dependent matter. Even if SELinux were actually useful, which I do not admit, not all installations would have the additional security benefit justify the additional overhead.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list