 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On 4/29/07, David Kramer <david at thekramers.net> wrote: > 1) Thank you. That worked. np... > 2) Will that survive a reboot? Did it change the default policy, or > just the running policy? not sure...I don't like SELINUX :-) It is very difficult to use/maintain and it a real PITA. It really depends what you are trying to do. Why do you have it on? What are you trying to protect against? Don't just enable it blindly and expect it to protect your system. There are many paths to better security... > So yes, there's this pretty good tool if you stumble upon it, but how > can you have a tool that's so invasive without accessible documentation? A buddy of mine's father worked on SELINUX for the NSA. He gave a presentation on it a few years back. I checked it out. Maybe I'm naive, but I haven't been able to put it to great use. Sure, you can try to enable it and convince yourself about security, but you really need to know details about the internals to make it work for you. And anyways, there are many browser exploits these days and I don't think SELINUX is going to protect someone from stealing your GPG keys once they pwn yer browser from client side... -- Kristian Hermansen -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
