[wplug] Who benefits from SELinux?
Drew from Zhrodague
drewzhrodague at zhrodague.net
Tue Apr 10 19:45:24 EDT 2012
Indeed, I'm sure this helps for servers, but would not at all work for
a developer's workstation, where they are writing and testing wacky
software that may not have hooks for SELinux. =_)
I also generally turn it off. In cloud environments, it is easier to
delete the host and spin up a replacement.
On 4/10/12 6:38 PM, G.Pitman wrote:
> I use it at work for every server that I can, but we have govt. and
> commercial contracts. One particular instance where it helped was a web
> server where a bad php script allowed someone to upload a script to the
> temp directory and try to execute it to likely get a privilege escalation.
> Selinux sets contexts on files and directories specifying who can read or
> write to them.
--
Drew from Zhrodague
Internet Swashbuckler
drew at zhrodague.net
More information about the wplug
mailing list