- From: Bruno Wolff III <bruno@xxxxxxxx>
- Date: Wed, 19 Jan 2011 19:58:03 -0600
On Thu, Jan 20, 2011 at 01:51:03 +0200,
Kostas Sfakiotakis <kostassf@xxxxxxxxxxxxxxx> wrote:
A small comment here , actually SELinux is an NSA invention which
is supposed to provide extra security to your system by controlling
everything and everyone .
selinux is a mandatory access control system. This is needed to prevent
hostile code from doing things on your behalf that it shouldn't.
If you really don't want that protection run selinux in permissive mode.
Since i started this thread , let me clarify something . All i was
trying to do was to open a pdf file simple as that and i do believe
that on my computer am pretty much entitled to do so .
selinux access takes precedence over root access. Though as delivered, root
can set selinux to permissive mode to get around that. If you really want
protection when running as root, you'd at least need to turn that setting
off. (Then you'd need to reboot to change the setting.) You also need to
have root logins use a more restrictive role when logging in. Otherwise
there a lot of ways to subvert the system.
Well i was logged in as root at the momment . What am i supposed to do ??
Logout and login back again just to run Acrobat Reader ????? I do
believe that would be an overkill .
Personally, I'd recommend not using acrobat reader. PDFs are more like
executable programs than documents. So besides having to worry about bugs
in acrobat reader (of which there have been plenty with security implications),
you have to worry about valid PDFs doing things to your system or with
your pre-existing data that you don't want.
users mailing list
To unsubscribe or change subscription options:
- Re: SELinux
- From: Kostas Sfakiotakis
- Re: SELinux
- Prev by Date: Re: why dia 1:0.97-4.fc13 and not for fc14?
- Next by Date: Re: Let's talk about HTTPS Everywhere
- Previous by thread: Re: SELinux
- Next by thread: Re: SELinux