On Thu, 2008-01-17 at 16:27 +0100, Valent Turkovic wrote: > What are the real security issues on desktop? OpenOffice exploits? Gnome > expoits? What? You aren't running apache, mysql and php on desktop > and > those services shouldn't be running. Maybe ssh is running and that > can > be hardened really easily with firewall rules. What is actual threat > that SELinux prevents on Fedora Desktop? Well lets see. On the desktop, you have a web browser whose entire purpose is to take in massive amounts of untrusted data from the network, and hand it off to all sorts of libraries and plugins and helpers. Jpeg libraries, PNG libraries, the Totem plugin which can draw in *hundreds* of different AV codecs, Java plugins, and more than likely a proprietary Flash plugin. How much do you really trust Adobe? You also have PDFs and word documents, which users will be opening with Evince and OpenOffice, and quite possibly another proprietary Adobe binary... The typical Aunt Tillie is putting *millions* of lines of code in direct contact with *gigabytes* of untrusted and potentially hostile data coming in from all corners of the Internet. Now you tell me where the greatest security risk lies.
Description: This is a digitally signed message part