On 26 January 2016 at 16:57, bruce <badouglas(a)gmail.com> wrote:
> What the Heck???
> So.. people who think/decide to just disable seLinux, instead of
> diving in to "learn" it are just lazy???? Lord.. shaking my head..
> How about.. some might be lazy..
> Or, some have a bunch of different things to get accomplished, and
> aren't looking to be a sysAdmin, so they want to (if possible) get to
> the quickest way of getting their "project" working/tested.. And if
> the "security/process" of X (in this case selinux) is in the way.. The
> learning required to implement that gets shoved back. It's a
> prioritization process for a bunch of people.
> You have a limited amount of resources, you prioritize and keep going.
> And yeah, you realize that you might be cutting corners re security,
> but you keep going.
> And before people say, "you need to learn security, or you shouldn't
> be writing apps!!".. not going to happen.
> Implementing "good" security, doesn't happen by spending a few hours
> on a few sites. You eventually run into issues that "need to be
> solved", etc.. which then adds time/effort/resources. And rightly so,
> this is why you have skilled sysAdmin resources. But smaller projects
> don't have the resources for this process.. so it becomes a matter of
> prioritization/resource allocation..
> And I say again.. I've been willing to pay hard $$$ for someone
> willing to work with me on security.. No takers..!!!
If you're really interested in that then it would be better to
actually advertise.
The central point here, you seem to be arguing that you should disable
all security because you don't have time to learn it and it's
difficult. But I bet you don't plan to just make everything on the
machine world writable and turn off the firewall. Things like SELinux
are actually there to help you. They can't make you do things like
properly encrypt user logins, but they can reduce the risk it's going
to matter. What I've been trying to say is leave it on and there are
plenty of people that can give you advice if you run into problems.
And yes, there are people that should not write apps if they aren't
going to bother with security. If you're not from the UK then search
Google for TalkTalk hacked, or imagine what would happen if people
could get at your Uber account details. Failing to protect user data
properly over here (UK) can attract serious fines.
--
imalone
http://ibmalone.blogspot.co.uk