Fedora (again) forces me to disable SELinux

Andrew Farris lordmorgul at gmail.com
Tue Apr 1 01:58:10 UTC 2008


Mark wrote:
> Also if i )as a user) run a application and a attacker
> strikes that application than the attacker still can't do more than i
> as a user can do so it doesn't seem to add that much advantage. But i
> might be wrong..??

Yes, you're slightly wrong there.  Compromised software can be far more 
destructive than you'd initially think.  If you can't delete a file, that 
doesn't mean broken and exploited software can't do it while you run it.

-- 
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
  gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB  5BD5 5F89 8E1B 8300 BF29
  revoked key 0xC99B1DF3 no longer used
No one now has, and no one will ever again get, the big picture. - Daniel Geer
----                                                                       ----




More information about the fedora-devel-list mailing list