Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Lamar Owen wrote:

> With SELinux I can set files and whole hierachies to not allow Acrobat
> Reader access of various types, while still alllowing access to those
> areas it needs.  Voila!  Acrobat Reader vulnerabilities and the PDF's
> that exploit them no longer have any power to exploit my system.  Same
> with Flash, Java, and Firefox itself.  If firefox has no need to write
> into my Documents directory, then I can lock out my Documents
> directory to firefox (even when it's running with the right uid:gid
> that would defeat old-school uid:gid based perms) and not worry about
> a malicious website exploiting a firefox zero-day modifying any of my
> files in Documents.

Your enthusiasm for SELinux seems tied conceptually to a workstation
running the set of applications that come with the distribution.
Nothing wrong with that.
-- 
Charles Polisher

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux