On Wed, 2008-01-16 at 22:26 +0100, Valent Turkovic wrote: > I will bet anybody who wants that Fedora live cd users will have more > trouble from using SElinux than benefit. Also that ubuntu, opensuse > and other distros that don't use SElinux won't be in trouble from some > 0day exploit. I'd take that bet if there were ever any way to prove who won. Unfortunately, when a live media for any Linux distro ships with an unknown zero-day exploit ... how are you ever to know: * How many are still out there? * How many got updated? * How many were exploited and no one ever knew? Since we still get reports from people running RHL 7.x, believe me that a live media with a built in exploit can live on to haunt you for many years. Similar to your first comparison, how would we ever know, of every exploit blocked by SELinux, is it better or worse to have blocked that exploit than to have encountered whatever potential problems with SELinux? So, you are on for the bet, if you can figure out a way to track the results. Otherwise, repeating that you "know security" and "know that SELinux is worse than what it prevents" are just assertions without facts. You are welcome to your opinion, but please don't undermine the good security reputation of Fedora to serve it. - Karsten -- Karsten Wade, Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
