Comment 4 for bug 578922

Todd Smith (td-smith) wrote:

Hey Jamie,

For the most part I agree with your stance and I am happy to see the summary update. I also totally agree with this statement:
"Our stance is that if a security feature [SELinux] breaks default and common configurations, users will turn off the feature."

PHP-Nuke will not run on a default Fedora system because of SELinux and I think that the most common response is for people to disable it altogether. I agree that a security measure like this should be avoided at all costs in Ubuntu. I think that we can both agree that there is a common ground in terms of security and usability. I will keep an eye on this problem and see that it matures properly.

You are correct: AppArmor doesn't have a feature to protect the context in which data is accessed like SELinux, and it would be nice if it did. My argument is that AppArmor with its current feature set can be configured to break my exploit, but other proven security measures can also be used to address this issue. I would like to be involved with Hardened Ubuntu to help find a good solution to these problems.

Thanks Again,
Michael