Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/17/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> Arthur Pemberton wrote:
> >>>
> >> The shortcut test is to su to the user in question and try to access the
> >> file/device.  The only slightly more complicated way is to walk down the
> >> path looking at the permissions for user/group/other on the file and the
> >> directories above.
> >
> > Well, these "traditional" methods didn't work for your friend Karl,
> > since he was hacked with them.
>
> Perhaps he had a false sense of security from the supposed other layers
> claimed to be present, when paying attention to the obvious would have
> been more beneficial.  That's the main reason I question the value of
> SELinux in the first place.  It doesn't come into play unless you have
> already made a mistake with the simple things and it diverts attention
> and makes it appear to be unimportant to get those things right.


You know, this is why I don't even think it makes sense discuss these
kind of things. So far, everyone arguing against SELinux is never
fully aware of the facts at hand.

First of all, you've launched yet another attack on SELinux simply
because Karl said it was SELinux, never mind that there is a high
likely hood that he is wrong.

Now, you're insinuating that his expectations of SELinux caused him to
practice poor traditional security and so he got hacked. Which
completely ignores the fact that he did not have SELinux when he got
hacked.

And, just recently there are (unsubstantiated) claims from ebay that
attacks from rooted Linux boxes are on the rise. I have no numbers,
but by intuition is that very few of those boxes had SELinux running
in enforcing mode, while they did have traditional UNIX security.



-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux