Re: Thank you, unknown genius!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2008-04-09 at 13:40 -0500, Bruno Wolff III wrote:
> On Wed, Apr 09, 2008 at 14:30:17 -0400,
>   John Aldrich <john@xxxxxxxxxxxxxxx> wrote:
> > On Wednesday 09 April 2008, Aaron Konstam wrote:
> > > > The disappearance of the "disable iptabes" and "disable selinux" options
> > > > counts as a minor annoyance, I guess. But thanks for that too!
> > > >
> > >
> > > Your comment is interesting since when the list members heard that this
> > > option would be removed it was greeted by collective opposition to its
> > > removal.
> > >
> > I, personally, have no use for selinux. But then I'm just a hobbyist and I'm 
> > behind a DSL router doing NAT, so I have little need for selinux. I hope 
> > there's some way to disable it still.
> 
> Assuming you browse the web using firefox, that's changing. Dan Walsh is
> working on confining Firefox. It won't be ready for F9 (at least not enough
> to enable by default), but it's coming. And your current set up doesn't
> protect you from broken plugins (or firefox itself) combined with malicious
> data.
----
the point being that security is about layers of protection and there is
no one single layer that handles everything that is needed for
security...i.e., a firewall / router doing NAT is secure until it isn't
and then you have to deal with it.

Bruno is noting that the current methods of exploitation tend to be web
pages, flash, java, media files and a firewall isn't going to be of much
help with this type of intrusion but selinux clearly could be a layer of
use here.

Yes, disabling SELinux is certainly always possible, and in fact quite
easy to do but that doesn't mean that it's the best choice possible.

Craig

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux