Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2007-09-21 at 09:59 -0500, Mike McCarty wrote:
> Tim wrote:
> > On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
> > 
> >>It's too bad that Red Hat has jumped on the SELinux bandwagon
> >>so wholeheartedly. That is, it is for those of us who don't like
> >>it, but want to use Red Hat products or projects. 
> > 
> > 
> > One of the (almost) unsung benefits of it is to do with created
> > software.  
> > 
> > If the programmers use a system with SELinux, they're forced into
> > writing their software better.  And we end up with software which
> 
> They are forced into writing it SELinux aware. That is not
> part of my definition of "better".
> 
> [snip]
> 
> > On the other hand, without any SELinux, trying to make your system
> > secure, when you're using programs that the software authors had
> > free-range to do any old crap in the first place, is much more
> > difficult.
> 
> I don't like to load and run crap. Do you?
> That's one reason I don't have SELinux enabled on the machines
> I administer. Not all of them are FC2, BTW.
> 
> Note that SELinux does not attempt to make a machine more
> secure, except in a very general sense. It attempts to mitigate
> damage on a machine WHICH IS ALREADY COMPROMISED.
> 
> It does little AFAICT to prevent compromise.
> 
> Mike


Quick hit and run, here, before I call it a weekend...

My cousin is an auto mechanic and several years ago he said something
which you've just repeated in different terms.

We were arguing Air Bag vs Anti-Lock Braking System. He said given the
choice of only one, it would be insanity to take the AB. 
I says,"Huh?".
He says, "Isn't it more important to avoid the accident in the first
place?"

Brilliant.

Of course the right choice is to have them both, but given the choice of
one, you're on the money IMO, Mike. 

Andy

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux