Re: Attempts at security (was Re: Draft spec for new dpkg "triggers" feature)
On Saturday 03 February 2007 05:17, Hendrik Sattler
<debian@hendrik-sattler.de> wrote:
> And everybody gets the SE Linux overhead if he wants or not?
It's disabled by default, unlike in Fedora and Red Hat Enterprise Linux where
it's on by default. I believe that the latest release of SUSE has AppArmor
on by default.
> The current
> system does not give you perfect security but neither does adding SE Linux.
> Instead, you probably get annoying permission problems.
This is why every Windows user uses the administrator account for everything.
> Name a few guys that really like to use this on a private machine and some
> real-life improvements that it brings. Hint: "increased security" is not an
> argument.
SE Linux is enabled by default in Fedora. I believe that the majority of
Fedora users don't even know it's there. Their machine just works and tends
not to get cracked.
> > You want features such as exec-shield, well you don't get them - because
> > of other people with the same attitude as you.
>
> Please differ between things that are pretty much automatic (even when not
> only using debian packages) and things that you need some days to set up
> correctly (if you ever manage to do so).
> And always think about the problems that you introduce with such things
> (and almost all you named have such).
You claim that almost all the examples I gave have problems. Please explain
the problems that you believe to be in exec-shield, PIE, and
poly-instantiated directories. Make sure that they are real examples not "a
program might have some problem" claims.
--
russell@coker.com.au
http://etbe.blogspot.com/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development