Am 05.09.2021 um 14:40 schrieb Nico Kadel-Garcia
<nkadel(a)GMAIL.COM>:
On Sun, Sep 5, 2021 at 4:10 AM Vitaly Zaitsev via devel
<devel(a)lists.fedoraproject.org> wrote:
>
> On 05/09/2021 09:19, Peter Boy wrote:
>> Much to my chagrin, you describe the biggest problem in Fedora for years and the
one why Fedora is falling further and further behind among distributions. The problem
overshadows all that many positive features that otherwise distinguish Fedora.
>
> SELinux has saved Fedora users from many critical vulnerabilities (eg.
> telnetd RCE CVE last year). This is a last line of defense.
You're referring to CVE-2020-10188? Who that is sane runs telnetd
these days, or lets it past their firewalls? It's an unencrypted
protocol vulnerable to packet sniffing. I'm afraid it's a poor example
of the benefits of SELinux: if you're running telnetd, you generally
have *much* bigger problems.
You are right, it’s a poor example. But I suppose you agree that the underlying argument
is nevertheless valid. SELinux increases security.
And the issues and problems that Sam Varshavchik described should be resolved.