[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Browser mode for nautilus



David Zeuthen wrote:
> On Mon, 2008-10-27 at 15:51 -0400, seth vidal wrote:
>> We have a number of applications that end of listening on random ports.
>> At which point the system is vulnerable (or sometimes just the user) is
>> vulnerable to whatever those daemons are vulnerable to.
> 
> The solution here would be to confine these daemons with SELinux


>> If the process needs to be able to listen on an external port then that
>> needs to be enabled separately. You don't just turn off all the rules as
>> a solution.
> 
> However, I'd argue that people end up doing this anyway.

Yes, and I suspect a large percentage of the people who are turning off
the firewall because it keeps them from getting work done are also
turning off SELinux because it keeps them from getting work done. So...

-- Dan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]