[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



Arthur Pemberton wrote:
On 9/21/07, Mike McCarty <Mike McCarty sbcglobal net> wrote:


I respect your opinion, and hope you respect those of people like
myself who disagree with you, and think SELinux is a good thing

I don't think I'm required to respect opinions. I hope to treat
people with respect, until they have proven they don't deserve
it.

(5) more opportunity for defects and exploits


An undeniable consequence, but also a valid arguement against
firewalls, package management software, etc.

I'm glad you admit this. Some here seem not to. It's a matter
of perceived risk versus perceived benefit. In graduate school
I took a course in decision theory. Simply build your probability
model, asses costs, and assign a utility function. I have an external
hardware firewall which has not once permitted an external
attack to flow through. I do keep regular backups. If I ever suffer
a successful attack, my machine will be restored to the most
recent backup before the compromise. Then, on a selective basis,
files from the post compromise state will be reintroduced.

My machine is connected to a LAN, which has exactly one other
machine on it: the firewall machine. On the WAN side, the
firewall has exactly one machine connected to it: my ADSL modem.

After a machine has been compromised, IMO it must be restored
to a pre-compromise state. Trying to mitigate damage on a
compromised machine is wrong-headed.

But when that smiling hacker from somewhere finally finally decides that
there are enough Linux users that think like Windows users he will write
that program that will wipe out your milling program.

The only way to make systems robust is to make them simpler, not
more complex.


I don't think that is the only way, complexity may decrease
robustness, but they are not mutually exclusive

Every line of code is a place for a defect to hide.

Please read C.A.R.Hoare's "The Emporer's New Clothes" some time.

Honest Gene. SELinux has never caused me a problem that a simple 'look 'n
fix it' could not solve. It is work in progress and when you use older
releases it can cause problems.

Bully for you.

Mike


Interesting response. What is the purpose of posting to the list if
not to share opinions?

This list has several purposes. Some which come immediately to mind:

(1) sharing opinions about future directions of Linux, and RH in particular; hopefully being able to influence future paths
(2) requesting and receiving assistance from others when faced
with challenges in machine behavior or ignorance of standard
techniques
(3) sharing news and current events of interest to Linux users

"Bully for you" was intended exactly as written, and not as
sarcasm.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]