Re: A great article on why to use SeLinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

klybear wrote:
> On Thu, 28 Feb 2008 09:31:05 +0900, John Summerfield wrote:
> 
>> The only penetrations I've seen arrived by ssh. I don't think selinux
>> would have helped there; the sorts of restrictions I can think of would
>> also prevent the user from doing what users ought be able to do such as
>> download stuff (including email), sending email and so forth.
Some attacks can be prevented with SELinux and ssh although it is just
recently gaining confinement.  If someone out there wanted to experiment
with using SELinux to further confine ssh, it might be an interesting
experiment, (any university student looking for a project?)  SSH
currently has privilege separation which we could take further advantage
of with SELinux and the setcon call, but no one has done this yet.
SELinux will prevent things like buffer overflows in ssh via the
execmem/execmod/execstack/execheap prevention.  It also stops attacks
like grabbing the /etc/shadow file without a password.
> 
> I'm a new full time linux user, having temped with one or two distros in 
> the past, and I have to say that my experience of selinux has been 
> frustrating. I never had any Selinux issues with Ubuntu or Debian, but 
> since using Fedora, three of the four problems I've solved so far turned 
> out to be related to selinux permissions and the fourth one I'm still 
> working on :)
> 
What problems are you having with SELinux?  Have you reported them in
Bugzilla?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfIGrsACgkQrlYvE4MpobPERwCgm/bOYFUVk/+81hudROJlRJP2
wHkAoLdlbwhfuvexXp4f9N6rP6i2dmou
=7AOh
-----END PGP SIGNATURE-----

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
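
Added example, not part of the original message: a small Python triage script that picks out the two kinds of denial the reply mentions (execmem/execmod/execstack/execheap, and access to the shadow file) from audit log lines. The log lines are constructed samples, and the function names and the assumption that the file is labelled `shadow_t` are illustrative.

```python
import re
from collections import Counter

# Memory-protection permissions named in the message above.
MEM_PERMS = {"execmem", "execmod", "execstack", "execheap"}
# Matches the fields of an AVC denial record that are needed for triage.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
)

def setype(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def classify(line):
    """Return (kind, comm, source_type, perms) for a relevant denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = set(m.group("perms").split())
    source = setype(m.group("scontext"))
    target = setype(m.group("tcontext"))
    mem = perms & MEM_PERMS
    if mem:
        return ("memory-exec", m.group("comm"), source, tuple(sorted(mem)))
    if target == "shadow_t":  # assumption: the shadow file carries this type
        return ("shadow-access", m.group("comm"), source, tuple(sorted(perms)))
    return None

def summarize(lines):
    """Count relevant denials per (kind, comm, source_type); also return the hits."""
    hits = [h for h in map(classify, lines) if h]
    return Counter(h[:3] for h in hits), hits

# Constructed sample records (not taken from a real system).
SAMPLE_LOG = [
    'type=AVC msg=audit(1204156800.101:71): avc:  denied  { execstack } for  pid=2301 comm="sshd" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=process',
    'type=AVC msg=audit(1204156800.102:72): avc:  denied  { execmem } for  pid=2301 comm="sshd" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=process',
    'type=AVC msg=audit(1204156901.440:80): avc:  denied  { read } for  pid=2410 comm="httpd" name="shadow" dev=dm-0 ino=1179 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file',
    'type=AVC msg=audit(1204157000.007:91): avc:  denied  { name_bind } for  pid=2500 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
    'type=SYSCALL msg=audit(1204157000.007:91): arch=40000003 syscall=102 success=no exit=-13 comm="httpd"',
]

if __name__ == "__main__":
    counts, _ = summarize(SAMPLE_LOG)
    for (kind, comm, source), n in sorted(counts.items()):
        print(f"{n:3d}  {kind:14s} comm={comm} domain={source}")
```
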