> > It looks like the combination of SELinux and mod_security
will cover the
> > range of exploits as long as we have policy that covers all the
> > approaches in both SELinux and mod_security.
>
> One thing Fedora has is expertise in writing SELinux policy. A working
> SELinux policy would be a good contribution to an upstream.
SELinux can't help with XSS attacks.
I think the main problem with php is that it's not strongly typed and very
tollerant of programatical errors. I think that's one of the reasons php is
so popular, and one of the reasons we need to keep saying no to php.
--
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155