Furthermore, why people believe adding complexity to a system "makes
it more secure" baffles me,
We enter into the realms of "security by obscurity", and Bill Gates'
"bloat and crash ware" epitomises that....
Peter Farrow wrote:
> I agree Les,
>
> Selinux just adds bloat that we've managed without for many many years.
>
> Another layer of complexity to allow another layer of
> holes/backdoors/exploits.
>
> NOT NEEDED!!!!
>
> Regards
>
> Pete
>
>
> Les Mikesell wrote:
>
>> On Mon, 2005-11-14 at 05:04, Tony wrote:
>>
>>
>>> It always amazes me how quick people are to suggest that you just
>>> switch selinux off, without balancing the suggestion with an
>>> explanation of what they are losing by doing this.
>>>
>>
>>
>> What you get without it is the well-understood unix permission
>> system that served everyone well for several decades. Exploits
>> involving buggy code have happened, but If we've learned anything
>> along the way it is that adding new and less-tested code to a
>> working system doesn't necessarily make it more secure.
>>
>>
>>
>>> Would you switch a firewall off because it keeps filling your log
>>> files up with packet info? An English expression involving babies and
>>> bathwater springs to mind ;-)
>>>
>>
>>
>> I'd need some reason to think that the firewall code was
>> less likely to be exploited than the rest of the system it
>> is supposed to be protecting to consider it important.
>>
>>
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
