[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

On Fri, 3 Feb 2012, Russ Allbery <rra@debian.org> wrote:
> For example, Debian could immediately become a much more secure OS by
> enabling SELinux in enforcing mode on all Debian systems.  The reason why
> we don't do this is that currently that tradeoff doesn't make sense; too
> much other stuff doesn't work, too much other effort is required, and
> we're not in a position to enforce that technology, even if it would
> increase security.

SE Linux is supported in critical packages including the kernel, sysvinit, and 
cron.  So any user who wants to use it can just install the SE Linux specific 
packages and rely on the built-in support for SE Linux in important base 

This compares to the PHP/Suhosin situation where users who want that have no 
option other than to download the source and the Suhosin patch and build their 
own packages.

For the analogy you want to make a better option would be GR Security which is 
not supported in the Debian kernel and won't be supported in the forseeable 

My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Reply to: