[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Attempts at security (was Re: Draft spec for new dpkg "triggers" feature)

On Saturday 03 February 2007 05:17, Hendrik Sattler 
<debian@hendrik-sattler.de> wrote:
> And everybody gets the SE Linux overhead if he wants or not?

It's disabled by default, unlike in Fedora and Red Hat Enterprise Linux where 
it's on by default.  I believe that the latest release of SUSE has AppArmor 
on by default.

> The current 
> system does not give you perfect security but neither does adding SE Linux.
> Instead, you probably get annoying permission problems.

This is why every Windows user uses the administrator account for everything.

> Name a few guys that really likes to use this on a private machine and some
> real-life improvements that it brings. Hint: "increased security" is not an
> argument.

SE Linux is enabled by default in Fedora.  I believe that the majority of 
Fedora users don't even know it's there.  Their machine just works and tends 
not to get cracked.

> > You want features such as exec-shield, well you don't get them - because
> > of other people with the same attitude as you.
> Please differ between things that are pretty much automatic (even when not
> only using debian packages) and things that you need some days to setup
> correctly (if you ever manage to do so).
> And always think about the problems that you introduce with such things
> (and almost all you named have such).

You claim that almost all the examples I gave have problems.  Please explain 
the problems that you believe to be in exec-shield, PIE, and 
poly-instantiated directories.  Make sure that they are real examples not "a 
program might have some problem" claims.

http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to: