[plug] Linux Desktop Market
Craig Ringer
craig at postnewspapers.com.au
Fri Oct 28 01:58:08 WST 2005
Russell Steicke wrote:
> On Thu, Oct 27, 2005 at 06:54:40PM +0800, Cameron Patrick wrote:
>
>>Really? How is a Linux system any more secure than Windows against
>>people accidentally running untrusted code? If anything, I'd say it'd
>>be in a worse boat: Linux doesn't even have "application-based"
>>firewalls like Zone Alarm or virus/trojan/malware checkers. So far
>>these have not been necessary but they may well be if Windows-style
>>distribution of software as unauthenticated binary executables becomes
>>commonplace on Linux too.
>
>
> Surely selinux is an application-based firewall, or could be
> configured as such.

My first thought upon reading that was "oh, god no."

Windows application-based firewalls work because they can communicate
with the user. "This app tried to access the 'net, do you want to let it?".

Perhaps that could be done with SELinux. I'd expect random "connection
refused" messages instead though, and to have to go dig through some
even more obscure than usual logs then edit some horrific policy file to
get something working. Wouldn't you? I find SELinux sufficiently good at
producing bizarre problems already without letting it get its evil
tentacles too deep into the networking subsystem.

In case you haven't guessed, I'm not a fan of SELinux, at least as
implemented in FC4. SELinux itself seems to be a hideous tangled
complex mess that RH has tried to tame as best it could.

--
Craig Ringer