[CentOS] SELinux - way of the future or good idea but !!!
cpolish at surewest.net
cpolish at surewest.netTue Nov 30 04:02:59 UTC 2010
- Previous message: [CentOS] SELinux - way of the future or good idea but !!!
- Next message: [CentOS] SELinux - way of the future or good idea but !!!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lamar Owen wrote: > With SELinux I can set files and whole hierachies to not allow Acrobat > Reader access of various types, while still alllowing access to those > areas it needs. Voila! Acrobat Reader vulnerabilities and the PDF's > that exploit them no longer have any power to exploit my system. Same > with Flash, Java, and Firefox itself. If firefox has no need to write > into my Documents directory, then I can lock out my Documents > directory to firefox (even when it's running with the right uid:gid > that would defeat old-school uid:gid based perms) and not worry about > a malicious website exploiting a firefox zero-day modifying any of my > files in Documents. Your enthusiasm for SELinux seems tied conceptually to a workstation running the set of applications that come with the distribution. Nothing wrong with that. -- Charles Polisher
- Previous message: [CentOS] SELinux - way of the future or good idea but !!!
- Next message: [CentOS] SELinux - way of the future or good idea but !!!
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list