On Thu, 2005-03-31 at 02:15 +0100, Timothy Murphy wrote:
> While selinux is probably important for big systems,
> I don't think it offers much for a home user like myself.

Desktop users are vulnerable to exploitation by malicious code and
malicious data-driven attacks.
http://www.nsa.gov/selinux/papers/inevitability/
http://www.selinux-symposium.org/2005/presentations/session3/3-1-walters.pdf

> It's possible, I suppose, that someone might get through my firewall
> (shorewall) but it doesn't seem very likely,
> as I don't run any services visible from outside.

Do you run any client software that talks to the network (browser, irc,
whatever)? If so, it has the potential to be exploited. Or download
any code and run it? Or play any downloaded music? Or view any
downloaded documents? All of this opens you up to potential
exploitation of flaws in the programs you use or active maliciousness in
any code you run.

> On the other hand, when I very gently tested the water with selinux
> it had a number of unforeseen consequences,
> and it was clear that I would have to study the matter
> if I were to run the selinux service.

Yes, there is a learning curve, and it is a paradigm change for
security. Nonetheless, necessary if you want to solve fundamental
security problems.

--
Stephen Smalley <sds@xxxxxxxxxxxxx>
National Security Agency