The Performance Cost To SELinux On Fedora 31

  • #21
    Originally posted by pgoetz

    Thanks for engaging, but how could sshd be compromised without someone gaining root on your system, at which point anything is possible? And if not that, once you can get into people's .ssh directories their accounts almost certainly are compromised, allowing direct logins where, again, quite a bit becomes possible.

    The arguments for SELinux always sound superficially convincing until you dig into the functional consequences of what is being protected against. I had a coworker explain that SELinux constrained web server access to users' .public_html directories. Now that the 90's are over, who's still using .public_html directories?
    As someone else said, a hypothetical sshd exploit, SELinux adds another set of protection against compromised services.

    Imho SELinux has prevented Android vulnerabilities from being a huge malware nightmare.


    • #22
      Originally posted by Britoid

      As someone else said, a hypothetical sshd exploit, SELinux adds another set of protection against compromised services.

      Imho SELinux has prevented Android vulnerabilities from being a huge malware nightmare.
      That really is the only case where it makes sense, when you have a locked-down platform a vendor controls. The main problems with it are its ability to toggle and its complexity.

      Pledge is a much better solution however. Please look into it.