On Wed, Sep 7, 2011 at 8:44 PM, Clint Pachl <pa...@ecentryx.com> wrote: > Alec Taylor wrote: >> >> What's the most secure operating system? >> >> /me is thinking OpenBSD >> >> > > SELinux by far. > > I just listened to an interview with one of the devs on the project > (http://twit.tv/show/floss-weekly/156). Wow! With SELinux, you basically > just flip a switch and boom, you're secure. No process can talk to any other > processes without your permission. No process can access the Internet if you > don't want it to. Say goodbye to buffer overflows! It's implemented by the > USA's NSA so you know it's the most secure OS in the Universe. It's truly > amazing security. "Set it and forget it!" > > Alec, I think you really need to refocus on SELinux.
I'm afraid to say that at most sites, they turn off SELinux by default. Developers are too unwilling to learn the File System Hierarchy to actually follow it, and developers of tools like OpenSSH have few ways to predict its consequences and code in concert with it. See https://bugzilla.redhat.com/show_bug.cgi?id=524276 for a typical example of SELinux breaking the ssh-copy-id tool.
