On 11/14/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Mon, 2005-11-14 at 08:29, Jim Perrin wrote:
> > >
> > > Selinux just adds bloat that we've managed without for many many years.
> > >
> >
> > We used to manage just fine with telnet for many many years also, and
> > these days I wouldn't think of running accessing a machine via telnet.
> > If you don't change with the times, you're going to get steamrolled by
> > them.
>
> But note that there have been times that having ssh enabled exposed
> your system to additional exploits.

I never said it didn't. However it protected people from far more than
it allowed, which was my point. With ssh, it was more difficult to gain
access to the system simply by running grep against a packet dump for
a username and password as was the case with telnet.

> > > Another layer of complexity to allow another layer of
> > > holes/backdoors/exploits.
> >
> > Given the organization who gave us selinux and their dire need for
> > security, I get the feeling it'll block many more problems that it
> > allows, just as ssh did.
>
> Except for the versions of ssh that allowed exploits...
>

See point above.

--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center