On Thursday 17 January 2008 09:53:59 Valent Turkovic wrote: > Are you actually saying that SELinux is security silver bullet? > If you know anything about security you know that there is no silver > bullet in security is it always a trade off in usability vs. security. > Which we try to mitigate with "permissive" mode. > A quick googleing showed that security experts see SELinux like a > backdor and as a problem just waiting to happed, and they suggest > UNINSTALLING SElinux! An even quicker search on Google reveals that RHEL5 with SELinux enabled and in enforcing mode has top security marks from the NSA, rivaled only by TrustedSolaris 10. > "As a final note, I follow the logic of the grsecurity team, who claim > that LSM and SELinux are backdoors waiting to happen." > Any program that provides security is a backdoor waiting to happen. What is your point? SELinux is meant to secure common exploits in other programs, such as Apache trying to write to /etc/passwd. Could SELinux be vulnerable? Sure. So could your keyboard driver. -- Benjamin Kreuter
Description: This is a digitally signed message part.