Great high level intro to SE Linux:
http://www.linuxworld.com/news/2008/022408-selinux.html?page=1
It gives real world examples of exploits in the wild right now which SE
Linux is actually preventing from working. Also talks about how they
have around 50 system services running under SE Linux protection now and
the admin should never have to know SE Linux is running. The policy
comes working out of the box. They also have tools to make it easier to
modify the policy if you do need to do so. They are now working on
securing the desktop (browser, email client, etc.) Securing the desktop
is going to be a really huge win for Linux.
A quote:
For now, though, SELinux has become a solid protection layer for server
applications. "In the first year (of RHEL5 availability) if you
installed every single package, none of the critical exploits would have
been exploitable," Cathrow says.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
