On Mon, 2005-11-14 at 05:04, Tony wrote:
> It always amazes me how quick people are to suggest that you just
> switch selinux off, without balancing the suggestion with an
> explanation of what they are losing by doing this.
What you get without it is the well-understood unix permission
system that served everyone well for several decades. Exploits
involving buggy code have happened, but If we've learned anything
along the way it is that adding new and less-tested code to a
working system doesn't necessarily make it more secure.
> Would you switch a firewall off because it keeps filling your log
> files up with packet info? An English expression involving babies and
> bathwater springs to mind ;-)
I'd need some reason to think that the firewall code was
less likely to be exploited than the rest of the system it
is supposed to be protecting to consider it important.
--
Les Mikesell
lesmikesell@xxxxxxxxx
selinux stuff - I just don't get
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: selinux stuff - I just don't get
- From: lesmikesell at gmail.com (Les Mikesell)
- Date: Mon Nov 14 13:56:15 2005
- In-reply-to: <50ad34450511140304sec8f987w268252e85370fa2a@xxxxxxxxxxxxxx>
- References: <1131823560.2996.48.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <437866F6.8040505@xxxxxxxxxxx> <43786A2A.9080405@xxxxxxxxxxx> <50ad34450511140304sec8f987w268252e85370fa2a@xxxxxxxxxxxxxx>
- Follow-Ups:
- selinux stuff - I just don't get
- From: Peter Farrow
- selinux stuff - I just don't get
- References:
- selinux stuff - I just don't get
- From: Craig White
- selinux stuff - I just don't get
- From: Giovanni P. Tirloni
- selinux stuff - I just don't get
- From: Peter Farrow
- selinux stuff - I just don't get
- From: Tony
- selinux stuff - I just don't get
- Prev by Date: selinux stuff - I just don't get
- Next by Date: selinux stuff - I just don't get
- Previous by thread: selinux stuff - I just don't get
- Next by thread: selinux stuff - I just don't get
- Index(es):
 |