|
|
Log in / Subscribe / Register

Walsh: Cool things with SELinux... Introducing sandbox -X

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 18, 2009 17:01 UTC (Fri) by dlang (guest, #313)
In reply to: Walsh: Cool things with SELinux... Introducing sandbox -X by nix
Parent article: Walsh: Cool things with SELinux... Introducing sandbox -X

the problem is that the SELinux proponents keep claiming that if everyone just used SELinux there would be no possibility of security problems in linux. and further, because people refuse to use SELinux, all security exploits are then the result of this decision.

that may be overstating this slightly, but not by much.

usually I consider the posts by PaXTeam to be extreme in their claims, but in this case I think the point that is being made that SELinux does not defend against malware in content is absolutly correct.

to post comments

Walsh: Cool things with SELinux... Introducing sandbox -X

Posted Sep 20, 2009 19:40 UTC (Sun) by nix (subscriber, #2304) [Link]

Oh, I certainly agree with *that*. A lot of SELinux proponents seriously
overegg the pudding. It'll protect only against *userspace* vulns
compromising the local system further: not necessarily against userspace
vulns compromising other systems and not against kernel vulns. Still
that's a fairly large proportion of vulns...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds