Fedora (again) forces me to disable SELinux
Rahul Sundaram
sundaram at fedoraproject.org
Fri Apr 4 09:13:08 UTC 2008
Gianluca Sforna wrote:
> On Thu, Apr 3, 2008 at 11:33 AM, Matej Cepl <mcepl at redhat.com> wrote:
>> On Tue, 01 Apr 2008 03:33:06 +0200, Mark scripst:
>>
>>> doesn't seem to add that much advantage. But i might be wrong..??
>> Yes, you are ;-). Even totally screwed up Apache server totally in hands
>> of script-kiddie via totally screwed up PHP release (not that it would
>> ever happen, just a theoretical example) cannot do more than it is
>> allowed to do by SELinux -- and that's not that much.
>
> I think I remember a recent case for SELinux lowering the impact of a
> _real_ security issue in one package.
> I wanted to blog about it but could not find it anymore :(
There are several. Refer to the mitigation news section in
http://tresys.com/selinux/
Rahul
More information about the fedora-devel-list
mailing list