On Wednesday 01 December 2010 03:37:15 Nico Kadel-Garcia wrote:
> On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko@xxxxxxxxx> wrote:
> > On Tuesday 30 November 2010 20:54:37 m.roth@xxxxxxxxx wrote:
> >> And about apache... most of those attacks are preventable through
> >> defensive configuration and coding for httpd itself. Looking to selinux
> >> to protect you is very sloppy.
> >
> > So a guy in a circus, performing acrobatics on a trapeze doesn't actually
> > ever need a safety fishnet below, right? All he needs to do is make sure
> > never to slip, or miss to catch the trapeze bar while performing. If he
> > isn't sloppy, he will never fall. Simple. ;-)
>
> Historically (although it's gotten better), the SELinux net was
> erected by blocking off all the ladders to the trapeze.
True, but --- as you say --- it's gotten much better since those times.
> This is great
> for safety of bystanders and keeping the clowns from making the
> trapeze slippery with cream pies, but made it hard to actually
> entertain the crowd. And entertaining the crowd is what a circus gets
> paid for.
And when the guy slips off and gets killed in the middle of the performance in
front of a large number of small children watching in the audience, I really
wonder if that circus is going to get paid by anyone for the next performance
tomorrow evening. It happens rarely, but still it does happen sometimes.
I'd still say a fishnet is a Good Idea(tm), regardless of the fact that it
takes away some of the excitement during the performance. ;-)
Best, :-)
Marko
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
