Re: vmsplice Local Root Exploit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Feb 11, 2008 5:16 AM, Valent Turkovic <valent.turkovic@xxxxxxxxx> wrote:

> Just to clarify. I'm interested how safe is fedora in general with this
> king of exploits... and does my argument for not having selinux on
> desktop fedora cd versions is justified.

An airbag in your car doesn't protect you from being side-swiped
either.  Does that mean that we should not have airbags in our car,
too?  Of course not.  It's all about risk management.  As Alan noted
later in this thread, SELinux *can* prevent a series of steps whereby
a server vulnerability leads to a shell and the ability to exploit
this local vulnerability.

Do airbags offer some level of protection?  Yes.  Will they for sure
prevent you from being seriously injured/killed in a car accident? No.

Does SELinux offer a good level of protection?  Yes.  Will it prevent
every possible vulnerability from being exploited?  No.

In both instances, you'd be quite foolish to think otherwise.  SELinux
is part of a defense-in-depth strategy, that ranges from firewalls at
the perimeter, IDS systems, host-based firewalls, and finally SELinux.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux