selinux stuff - I just don't get

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

I agree Les,

Selinux just adds bloat that we've managed without for many many years.

Another layer of complexity to allow another layer of 
holes/backdoors/exploits.

NOT NEEDED!!!!

Regards

Pete


Les Mikesell wrote:

>On Mon, 2005-11-14 at 05:04, Tony wrote:
>  
>
>>It always amazes me how quick people are to suggest that you just
>>switch selinux off, without balancing the suggestion with an
>>explanation of what they are losing by doing this.
>>    
>>
>
>What you get without it is the well-understood unix permission
>system that served everyone well for several decades.  Exploits
>involving buggy code have happened, but If we've learned anything
>along the way it is that adding new and less-tested code to a
>working system doesn't necessarily make it more secure.
>
>  
>
>> Would you switch a firewall off because it keeps filling your log
>>files up with packet info?  An English expression involving babies and
>>bathwater springs to mind ;-)
>>    
>>
>
>I'd need some reason to think that the firewall code was
>less likely to be exploited than the rest of the system it
>is supposed to be protecting to consider it important.
>
>  
>
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux