Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/8/2010 9:21 AM, Lamar Owen wrote:
> On Tuesday, December 07, 2010 06:29:44 pm Les Mikesell wrote:
>> I think you've missed the point that 'all that stuff' (being traditional unix
>> security mechanisms) are not all that insecure.  It is only when you get them
>> wrong that you need to fall back on selinux as a safety net.   And if you can't
>> get the simple version right, how can you hope to do it right with something
>> wildly more complicated?
>
> Alright, pray tell how I, a desktop Linux user, can, without VM's and without having to switch users, protect my files from a PDF attack through Adobe Reader?

Don't run software you don't trust. Keep the software you run up to 
date.  Don't open files you don't trust.

 > Or a surf-by web infection (NoScript can help; NoScript is also a pain)?

Don't visit web sites you don't trust with browsers that auto-execute stuff.

>But the desktop security use case often gets short shrift, and thus I raise that banner, being that I have been a desktop Linux user for 13+ years)

Does the default configuration cover the cases you present?  Or are you 
suggesting that every user needs the equivalent of a 4 day/$3K training 
course to be able to secure their linux distribution?

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux