Re: How best get rid of SELinux?

On Friday 21 September 2007, Ed Greshko wrote:
>Gene Heskett wrote:
>> I have a firewall that has so far been bulletproof.  It's called dd-wrt,
>> run on an old scrap x86 box, booting busybox from a cf card, no drives in
>> it & only 2 fans.
>
>I'm not sure why you are comparing the functions of SELinux with the
>functions of a firewall.  It would be nice to hear your interpretation of
>the issues that SELinux targets vs. what a Firewall targets.  If you think
>they serve the same functions it would be nice if you would cite your
>source.

Several people have referred to 'that hacker' getting into the system, which 
is how I at least made the connection to a firewall.  And to me, the firewall 
function of standing guard between my stuff and the rest of the planet is at 
least 10,000 times more important than silently, no log was generated, 
blocking off any and all access to the hardware data ports (usb and serial) 
even when that file says SELINUX=disabled.

In truth, and from the clues this old troubleshooter has detected, the only 
thing disabled by the above line is the logging, selinux is still standing 
behind the user, with a baseball bat hitting you in the back of the knee 
joints but using a pillow to muffle the noise.  But that will be denied 
vociferously by those whose purpose it is to see to it that we run with it 
enabled.  If you don't believe that, just watch this space...

Questions that need answered _here_, where the whole list will read them are:

Why do the supposed selinux functions, if 10,000% less important than a 
firewall (my personal estimation anyway) seem to take 10,000 times more 
maintenance than the far more important firewall?

And why is it that any "refutation of my claims messages" all have little or 
nothing to say except point the reader to other net locations where the 
propaganda to be read was written by someone WITH an agenda?

And why is it that an error, if logged, can't be grepped for in the 
man-pages and the correct command line option to fix it be found?

I suppose the theory there is not to make it too simple for the hacker to fix, 
but if the hacker has gotten to that point, I'll submit that you already have 
a hell of a lot bigger problem than selinux is ever going to fix.

Rant/Observation:

It's a 'solution' looking for a 'problem' and if it can't find a problem, it 
will make 10 problems just for spite.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
That's easy to fix, but I can't be bothered.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list