On 12/8/2010 9:21 AM, Lamar Owen wrote:
On Tuesday, December 07, 2010 06:29:44 pm Les Mikesell wrote:
I think you've missed the point that 'all that stuff' (being traditional unix security mechanisms) are not all that insecure. It is only when you get them wrong that you need to fall back on selinux as a safety net. And if you can't get the simple version right, how can you hope to do it right with something wildly more complicated?
Alright, pray tell how I, a desktop Linux user, can, without VM's and without having to switch users, protect my files from a PDF attack through Adobe Reader?
Don't run software you don't trust. Keep the software you run up to date. Don't open files you don't trust.
Or a surf-by web infection (NoScript can help; NoScript is also a pain)?
Don't visit web sites you don't trust with browsers that auto-execute stuff.
But the desktop security use case often gets short shrift, and thus I raise that banner, being that I have been a desktop Linux user for 13+ years)
Does the default configuration cover the cases you present? Or are you suggesting that every user needs the equivalent of a 4 day/$3K training course to be able to secure their linux distribution?