WARNING:DO NOT UPGRADE TO CORE 4

Mike McCarty mike.mccarty at sbcglobal.net
Wed Jul 13 19:21:45 UTC 2005


Les Mikesell wrote:

>On Wed, 2005-07-13 at 13:22, Paul Howarth wrote:
>
>>My point was that there's no way of knowing what undiscovered
>>vulnerabilities there are on your system, so having multiple layers of
>>defences such as firewalls, mounting /var and /tmp partitions with
>>noexec, selinux etc. all help to mitigate the risk.
>
>And the counterpoint to that is that we (most of us anyway) also
>don't know what new problems selinux creates as it tries to
>solve the old well known ones.  Why is it that you accept on
>faith that adding new code in the form of selinux is an improvement
>while recognizing that you don't know about undiscovered vulnerabilities
>in code that has been around for ages and has already had the obvious
>things fixed?
>
Thank you.

We *know* that selinux poses vulnerabilities to keeping the system
up.

Mike

-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



