SELinux removed from desktop cd spin?
Callum Lerwick
seg at haxxed.com
Thu Jan 17 19:11:24 UTC 2008
On Thu, 2008-01-17 at 16:27 +0100, Valent Turkovic wrote:
> What are the real security issues on desktop? OpenOffice exploits? Gnome
> expoits? What? You aren't running apache, mysql and php on desktop
> and
> those services shouldn't be running. Maybe ssh is running and that
> can
> be hardened really easily with firewall rules. What is actual threat
> that SELinux prevents on Fedora Desktop?
Well lets see. On the desktop, you have a web browser whose entire
purpose is to take in massive amounts of untrusted data from the
network, and hand it off to all sorts of libraries and plugins and
helpers. Jpeg libraries, PNG libraries, the Totem plugin which can draw
in *hundreds* of different AV codecs, Java plugins, and more than likely
a proprietary Flash plugin. How much do you really trust Adobe? You also
have PDFs and word documents, which users will be opening with Evince
and OpenOffice, and quite possibly another proprietary Adobe binary...
The typical Aunt Tillie is putting *millions* of lines of code in direct
contact with *gigabytes* of untrusted and potentially hostile data
coming in from all corners of the Internet.
Now you tell me where the greatest security risk lies.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080117/3059b186/attachment.sig>
More information about the fedora-devel-list
mailing list