| From: | Greg Smith <gsmith(at)gregsmith(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-28 13:44:15 |
| Message-ID: | Pine.GSO.4.64.0712280804070.23189@westnet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 27 Dec 2007, Stephen Frost wrote:
> Debian also has SELinux, if one wishes to configure it. I suspect other
> Debian-derived distributions also have it as a result. It can certainly
> be a pain to configure but it's far from impossible
That's a good summary. As of Debian Etch (April of this year) the base
distribution now include enough SELinux compatible userland packages for
the fundamental utilities (ssh, svsvinit, pam, cron, some others) that you
don't have to run around hacking a set of patches anymore just to get the
base system working.
There is also a Hardened Gentoo with SELinux. The most notable
distribution where SELinux support is seriously dead is SuSE.
RHEL/Fedora are the only distributions where SELinux is taken seriously
enough that most packages/daemons are patched and have policies setup in a
useful state out of the box. But with some work you can customize a
reasonable setup on some other distributions.
--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Naz Gassiep | 2007-12-28 15:09:23 | Re: Spoofing as the postmaster |
| Previous Message | Peter Eisentraut | 2007-12-28 10:55:12 | Selectivity estimation for equality and range queries |