Re: How best get rid of SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/21/07, Andrew Kelly <akelly@xxxxxxxxxxxx> wrote:
> On Fri, 2007-09-21 at 09:59 -0500, Mike McCarty wrote:
> > Tim wrote:
> > > On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
> > >
> > >>It's too bad that Red Hat has jumped on the SELinux bandwagon
> > >>so wholeheartedly. That is, it is for those of us who don't like
> > >>it, but want to use Red Hat products or projects.
> > >
> > >
> > > One of the (almost) unsung benefits of it is to do with created
> > > software.
> > >
> > > If the programmers use a system with SELinux, they're forced into
> > > writing their software better.  And we end up with software which
> >
> > They are forced into writing it SELinux aware. That is not
> > part of my definition of "better".
> >
> > [snip]
> >
> > > On the other hand, without any SELinux, trying to make your system
> > > secure, when you're using programs that the software authors had
> > > free-range to do any old crap in the first place, is much more
> > > difficult.
> >
> > I don't like to load and run crap. Do you?
> > That's one reason I don't have SELinux enabled on the machines
> > I administer. Not all of them are FC2, BTW.
> >
> > Note that SELinux does not attempt to make a machine more
> > secure, except in a very general sense. It attempts to mitigate
> > damage on a machine WHICH IS ALREADY COMPROMISED.
> >
> > It does little AFAICT to prevent compromise.
> >
> > Mike
>
>
> Quick hit and run, here, before I call it a weekend...
>
> My cousin is an auto mechanic and several years ago he said something
> which you've just repeated in different terms.
>
> We were arguing Air Bag vs Anti-Lock Braking System. He said given the
> choice of only one, it would be insanity to take the AB.
> I says,"Huh?".
> He says, "Isn't it more important to avoid the accident in the first
> place?"
>
> Brilliant.
>
> Of course the right choice is to have them both, but given the choice of
> one, you're on the money IMO, Mike.
>
> Andy


Why would someone have to choose only one?


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux