[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora (again) forces me to disable SELinux



Gianluca Sforna wrote:
On Thu, Apr 3, 2008 at 11:33 AM, Matej Cepl <mcepl redhat com> wrote:
On Tue, 01 Apr 2008 03:33:06 +0200, Mark scripst:

doesn't seem to add that much advantage. But i might be wrong..??
 Yes, you are ;-). Even totally screwed up Apache server totally in hands
 of script-kiddie via totally screwed up PHP release (not that it would
 ever happen, just a theoretical example) cannot do more than it is
 allowed to do by SELinux -- and that's not that much.

I think I remember a recent case for SELinux lowering the impact of a
_real_ security issue in one package.
I wanted to blog about it but could not find it anymore :(

There are several. Refer to the mitigation news section in

http://tresys.com/selinux/

Rahul


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]