How best get rid of SELinux?

Timothy Murphy tim at birdsnest.maths.tcd.ie
Fri Sep 21 18:20:25 UTC 2007


Arthur Pemberton wrote:

>> > Mambo Exploit Blocked by SELinux
>> > http://interactive.linuxjournal.com/article/9176
>>
>>
>> OK, that is getting nearer;
>> but as far as I can see, the guy in this case
>> was running some kind of web development server (Mambo) on his machine,
>> and a hacker had targeted this particular server.
>>
>> I wouldn't be doing anything so esoteric,
>> so still wouldn't feel in great danger.
>> Also, I was struck by the amount of trouble the man had to go to
>> to work out what had happened.
>> I wouldn't be up to that, so SELinux in this case
>> would be wasted on me.
> 
> 
> So because you do not deploy such apps, does it make it usless? Or are
> you not one of those who hold that SELinux is entirely a waste of
> time?

Sigh.
I didn't say SELinux was useless.
I said I run it in permissive mode,
and hope one day to have time and inclination to see what it finds.

I was speaking purely personally;
I don't feel under imminent attack from anything that SELinux might stop,
just as I don't feel it likely a suicide bomber will target my home.
One has to make a rough internal estimate
of the likelihood of different disasters.
It is 1000 times more likely that my wife will spill coffee on my laptop
than it is that someone will get through my firewall and edit my files.






More information about the fedora-list mailing list