[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



Tim wrote:
On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:

It's too bad that Red Hat has jumped on the SELinux bandwagon
so wholeheartedly. That is, it is for those of us who don't like
it, but want to use Red Hat products or projects.


One of the (almost) unsung benefits of it is to do with created
software.
If the programmers use a system with SELinux, they're forced into
writing their software better.  And we end up with software which

They are forced into writing it SELinux aware. That is not
part of my definition of "better".

[snip]

On the other hand, without any SELinux, trying to make your system
secure, when you're using programs that the software authors had
free-range to do any old crap in the first place, is much more
difficult.

I don't like to load and run crap. Do you?
That's one reason I don't have SELinux enabled on the machines
I administer. Not all of them are FC2, BTW.

Note that SELinux does not attempt to make a machine more
secure, except in a very general sense. It attempts to mitigate
damage on a machine WHICH IS ALREADY COMPROMISED.

It does little AFAICT to prevent compromise.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]