Re: Security fix for remapping of page 0 (was [PATCH] ChangeZERO_SIZE_PTR to point at unmapped space)

[James Morris]

On Wed, 3 Jun 2009, Larry H. wrote:

> whenever it is feasible, IMHO. I think everyone here will agree that
> SELinux has a track of being disabled by users after installation
> because they don't want to invest the necessary time on understanding
> and learning the policy language or management tools.

The Fedora smolt stats show an overwhelming majority of people leave it 
running.  Many don't know it's there at all and never have problems.  
It's known to have saved many everyday systems from breaches.

That's not to say that a significant number of people don't disable it, 
similarly to the way people disable iptables, use weak passwords, drive 
without seat belts, and cycle without helmets.  We do need to try and keep 
the default as safe as possible.


- James
-- 
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/