Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 11/30/10 9:28 PM, Marko Vojinovic wrote:
> On Tuesday 30 November 2010 20:54:37 m.roth@xxxxxxxxx wrote:
>> And about apache... most of those attacks are preventable through
>> defensive configuration and coding for httpd itself. Looking to selinux to
>> protect you is very sloppy.
>
> So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever
> need a safety fishnet below, right? All he needs to do is make sure never to
> slip, or miss to catch the trapeze bar while performing. If he isn't sloppy,
> he will never fall. Simple. ;-)

Analogies rarely work well, but this one would be better if you assume the crew 
doesn't have time to do a good job of setting up both the trapeze rigging and 
the net.  Would you rather have a trapeze you can trust or a trapeze and a net 
both badly rigged and likely to break?

-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux