Re: SELinux - way of the future or good idea but !!!




Hello Les,

On Mon, 2010-11-29 at 12:35 -0600, Les Mikesell wrote:
> If you don't trust your software, run it under a uid that doesn't have 
> write access to anything important - or in a VM or a different machine 
> for that matter.  X has no problem displaying programs running with 
> different uids or locations.

Using a "safe uid" will not stop a buffer overflow from happening and
causing a privilege escalation if such an issue exists in the software.
SELinux will negate most of the damage by disallowing even the escalated
process access to resources it shouldn't touch.

With the ever-increasing complexity of software, is there any software
you trust? I know I don't. Are you running your Flash plugin in Mozilla
as a different user than the one you logged into under X? Care to
elaborate how to accomplish such a feat? Or can you provide any
pointers?

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

