[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?



Yaakov Nemoy wrote:
On Jan 16, 2008 3:35 PM, Valent Turkovic <valent turkovic gmail com> wrote:
Dan you are taking this the wrong way. Of course SElinux is great, of
course it prevents from 0day exploits, no body is challenging that.
But what was the real threat to average desktop users? Has anybody
made use of this 0day exploit threat? is there a linux virus in the
wild that spread like wildfire that took down all desktops that didn't
use SELinux?

If a single Linux desktop goes down because of a 0day event, then
we've already failed at making a secure desktop.  By that point, it's
too late.

This is a failure, and we should do everything we can to make sure it
*never* happens.

-Yaakov


Scaring people away from fedora desktop with too "paranoid" utilities is a good way to ensure that there are not too much users on it even if linux judgment 0day comes one day.

Are you actually hoping to really protect from real threats? Not even SElinux can protect from rootkits.

Are you actually saying that SELinux is security silver bullet?
If you know anything about security you know that there is no silver bullet in security is it always a trade off in usability vs. security.

No desktop spins for fedora I see no actual benefit and huge cost in user experience, usabillity and cost of valuable CD space.

A quick googleing showed that security experts see SELinux like a backdor and as a problem just waiting to happed, and they suggest UNINSTALLING SElinux!

"As a final note, I follow the logic of the grsecurity team, who claim that LSM and SELinux are backdoors waiting to happen."

See the link:
http://www.matasano.com/log/650/is-open-source-rootkit-detection-behind-the-curve/

Valent.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]