[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On 9/21/07, Mike McCarty <Mike McCarty sbcglobal net> wrote:
> Tim wrote:
> > On Thu, 2007-09-20 at 15:36 -0500, Mike McCarty wrote:
> >
> >>It's too bad that Red Hat has jumped on the SELinux bandwagon
> >>so wholeheartedly. That is, it is for those of us who don't like
> >>it, but want to use Red Hat products or projects.
> >
> >
> > One of the (almost) unsung benefits of it is to do with created
> > software.
> >
> > If the programmers use a system with SELinux, they're forced into
> > writing their software better.  And we end up with software which
>
> They are forced into writing it SELinux aware. That is not
> part of my definition of "better".

You could give google a try to see how much others agree. As in,
others who've found and fixed bugs in their apps due to SELinux.

> > On the other hand, without any SELinux, trying to make your system
> > secure, when you're using programs that the software authors had
> > free-range to do any old crap in the first place, is much more
> > difficult.
>
> I don't like to load and run crap. Do you?
> That's one reason I don't have SELinux enabled on the machines
> I administer. Not all of them are FC2, BTW.

Because calling a piece of software crap because you don't like it is
the mark of good administration.

> Note that SELinux does not attempt to make a machine more
> secure, except in a very general sense. It attempts to mitigate
> damage on a machine WHICH IS ALREADY COMPROMISED.
>
> It does little AFAICT to prevent compromise.

Further proving that you are not properly informed about it. Please,
do a little research into the matter.


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]