Re: Turning off SELINUX

On 06.09.2013 00:35, Javier Perez wrote:
>     > I know it is a long shot and a lot of paranoid-think, after all, if I have to depend on SELinux to defend my system
>     > from external breaches, I am F*ck up already.
> 
>     says who?
> 
> I say so, based on my current knowledge of how to defend your system from external threats

but your knowledge is very little it seems

> If your ONLY defense left is SELinux then one is quite naked to the world with only one
> last fig leaf to protect you :)

uneducated and wrong guess - SELinux is not your only defense - it is the last resort by design

> Although I think you answered this line too fast, taking that line out of context, given the explanation I gave in
> the next paragraph.

no my daily job is security based on knowledge and not on uneducated guesses

>     > Attackers should first have to breach the firewall and then obtain some sort of user access
> 
>     *what* has a firewall to do with a potential buffer overflow in running code
>     resulting in execution of injected code on your system - that's what SELinux is about
> 
>     may i suggest to learn basics about the different layers of an operating system
>     before reading random completely unrelated articles and spreading FUD based on them
>     without understanding what they are talking about?
> 
> 
> Again, I think I am not explaining properly my thoughts. In this paragraph I am talking of the total security of
> the system and the different layers an attacker would have to peel before pawning the system, not of SELinux alone.

again: SELinux is the *last resort*

>     > then trick the system to escalate it to a root access before SELinux comes into play
> 
>     may i suggest to learn how SELinux works
>     it is supposed to prevent exactly this
> 
> 
> And that is my point exactly. If as the article has said, NSA is spending millions to compromise security systems,
> how sure are we that there isn't something in the code that allows them to bypass the protection that SELinux
> promises to confer? Before the article, I'd agree with you, "FUDmongering". After it, I wonder. 
> BTW, thanks for the correction, I was forgetting once an attacker gets root, you are pawned. I was wondering at the
> wrong level :)

anything not proven by facts is FUD

>     > But again, It is good to know that all links in the chain to being pawned
>     > are good and strong before trusting them, and this article certainly throws
>     > some mud to whatever contribution NSA has made to any security system
> 
>     without any specified background it is uneducated FUD
>     no more and not less
> 
> As I said, before the article I would agree with you. But after reading it, I just wonder if there is any Achilles
> heel in the armor 

if you only would understand how stupid your whole argumentation is

* SELinux is opensource
* it is part of the kernel
* it is reviewed by a lot of people outside the USA
* if you do not trust these people you must not trust the rest of the kernel

well, and in this case use Windows or OSX
but wait, both are closed source and US companies
so who do you trust more - USA closed source, not reviewed
or opensource widely reviewed?

none of them? well then shut down your computer at all


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org