selinux stuff - I just don't get




On 11/14/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Mon, 2005-11-14 at 08:29, Jim Perrin wrote:
> > >
> > > Selinux just adds bloat that we've managed without for many many years.
> > >
> >
> > We used to manage just fine with telnet for many many years also, and
> > these days I wouldn't think of accessing a machine via telnet.
> > If you don't change with the times, you're going to get steamrolled by
> > them.
>
> But note that there have been times that having ssh enabled exposed
> your system to additional exploits.

I never said it didn't. However it protected people from far more than
it allowed, which was my point. With ssh, it was more difficult to gain
access to the system simply by running grep against a packet dump for
a username and password as was the case with telnet.

>
> > > Another layer of complexity to allow another layer of
> > > holes/backdoors/exploits.
> >
> > Given the organization who gave us selinux and their dire need for
> > security, I get the feeling it'll block many more problems than it
> > allows, just as ssh did.
>
> Except for the versions of ssh that allowed exploits...
>

See point above.




--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
